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The Best 


SHAWN POWERS 


of the Best 


| jokingly say it’s because all the 

work is done by the community, 
but honestly, it’s because | love 
hearing the feedback from everyone. 
Year after year, | inevitably learn about 
a new technology or application, 
and I’m usually surprised by at least 
one of the voting results. It’s also an 
“unthemed” issue, which means our 
articles can be from any discipline 
in the Linux world. Welcome to the 
Readers’ Choice issue of Linux Journal. 

Reuven M. Lerner starts us out this 

month with the modern-day equivalent 
of virtual name-based Web hosting. 
Multitenant programming allows a 
single server and/or application to 
serve multiple clients while keeping 
the cross-pollination of data from 
taking place. SaaS isn’t a new concept, 
but Reuven shows how to peel back 
the cloud layer and see what goes on 


j love the Readers’ Choice issue. 


VIDEO: 
Shawn Powers runs 
through the latest issue. 
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behind the scenes. If you’re a Web 
developer, you won't want to miss it. 
I've written several articles through 
the years on SSH, which | like to 
think of as the Swiss Army Knife of 
command-line tools. Dave Taylor talks 
about an equally powerful tool this 
month, namely the find command. It 
seems like a simple concept, but with 
its various options, find can be a 
powerful addition to any Bash script. 
Kyle Rankin talks about something 
I've never been able to get the hang 
of doing. He discusses the virtue of 
using the hjkl keys as opposed to 
arrow keys while editing text files. 
Every once in a while, you'll run across 
a computer that supports only the 
old-school method for moving the 
cursor around, but for Kyle, that old- 
school method is his preferred mode 
of operation. | have to admit, I’m a 
little jealous. | can play a first-person 
shooter with the “wasd” keys, but for 
some reason, my brain just can’t get 
used to “hjkl”. If you have no idea 
what I’m talking about, be sure to 


read Kyle’s column. 

| boldly go where no Shawn 
Powers has gone before and touch 
on development of all things. My 
entire IT career has been one where 
I've avoided programming. Recently, 
| had a need to create a Web-based 
interface for a user, and | learned PHP. 
Granted, PHP isn’t the most modern 
or powerful programming language, 
but if you're like me, it might be the 
perfect intro to development. | urge 
anyone who hates programming to 
read my column. It might surprise you 
how much fun writing code can be. 

Chris Jenks has a cool article in this 
issue where he teaches us to hunt 
rogue access points in a network. 
There obviously are apps for Android 
that will do basic scanning, but Chris 
goes a lot further and discusses 
passively gathering data, looking for 
even hidden SSID networks. If you have 
a need to track down rogue access 
points, but fear sneaky users are hiding 
their tracks, Chris’ article is perfect. 

Jim Hall goes searching this month 
as well, but in his case, he’s searching 
for usability. Jim describes the process 
for formal usability testing and how 
it shapes changes in projects like 
GNOME, which he uses as an example. 
If you've ever been curious about how 
and why desktop programs function 
the way they do, Jim’s article will be 
of incredible interest. In fact, usability 


is most likely one of the factors that 
influences the results of our Readers’ 
Choice awards year after year. If 
proper testing has taken place, the 
chances for a particular technology 
to gain popularity are much higher. 
We stuck with a similar format as last 
year in this issue, and gave the entire 
range of votes as opposed to just the 
top few candidates. If people were 
told only about the most popular 
one or two desktop environments, 

no one would ever hear about Linux 
itself! There are a few upsets this year 
over last year, but every category is 
interesting with a few hidden gems 
that might not be as popular, but 
certainly are worth checking out. 

This issue is truly an eclectic one, 
and although there's not a specific 
focus, that means we get to focus 
on “awesome stuff”, which is always 
enjoyable. We have tech tips, product 
announcements, cool programs and 
enough information to keep an entire 
herd of nerds busy for weeks. We 
hope you enjoy the Readers’ Choice 
issue of Linux Journal. | know we 
enjoyed putting it together.m 


Shawn Powers is the Associate Editor for Linux Journal. 
He’s also the Gadget Guy for LinuxJournal.com, and he has 
an interesting collection of vintage Garfield coffee mugs. 
Don't let his silly hairdo fool you, he’s a pretty ordinary guy 
and can be reached via e-mail at shawn @linuxjournal.com. 
Or, swing by the #linuxjournal IRC channel on Freenode.net. 
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Leap Years in Bash 

Jacques Amar is close (see the October 
2014 Letters). The year 2000 was a 
leap year. 


A year is a leap year if it is a multiple 
of 400 or is a multiple of four and not 
a multiple of 100. 

—fest3er8 


“Accessing the I/O Ports of 

the BeagleBone Black with 
Python” Article 

Regarding Samuel Bucquet’s article in 
the October 2014 issue, it looks like 
the author is running everything as 
root. This seems to be fairly common 
in articles about the Raspberry Pi or 
BBB where the hardware Is accessed, 
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as Linux puts up some security barriers 
to protect these ports from the 
ordinary user. There are reasonable 
ways to work around this limitation, 
such as exporting the pins in a boot 
script. Also, WeblOPi looks like a 

well put together solution for the 
Raspberry Pi that could be ported to 
the BBB. LJ should not be encouraging 
running as root, particularly on 
hardware that frequently ends up as 
mini-Web servers. 

—Mike Beaver 


Samuel Bucquet replies: Thank you, 
Mr Beaver, for pointing this out. 


The access of the IO ports needs 

a lot of attention in a multi-user 
scenario. In the same way, if there is a 
possibility of multiple tasks accessing 
the same hardware simultaneously, 
you need to consider some locking 
mechanism. The majority of the tasks 
! described in the article are hardware 
administration tasks, but the reading 
and writing on the IO ports can be 
done as a regular user, like the user 

a Web server is running with to allow 
access of |O ports from a Web page. 


Serial ports: /n order to use them as a 
regular user, there is nothing special 


to do, as long as the user Is in the 
dialout group (check with “id”). 


GPIO: You will have to initialize, 
as root, the GPIO that will be 
used, and position the permissions 
accordingly (like this for the 
Debian default user): 


# echo 48 > /sys/class/gpio/export 
# chgrp -R debian /sys/class/gpio/gpio048/ 
# find /sys/class/gpio/gpio048/ -type f -exec chmod 664 {} \; 


# find /sys/class/gpio/gpio48/ -type d -exec chmod 775 {} \; 
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But beware, you don’t want multiple 
users fidgeting with the same GP/Os 
at the same time! 


Then you can access the gpio with 
the “debian” user. 


Components on the i2c bus: As with 

the serial ports, if the user is in the “i2c” 
group, she can access components on the 

bus as a regular user. But there are a lot of 
sensitive components on an i2c bus, so if 
the integrity of the system is at risk, take 
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great care as to who can access what. 


Analog reading: /n the same way you 
did for the GPIO, put the permissions 
in /sys/bus/iio/devices/iio\:deviced/ 
for the user, and again do not allow 
simultaneous access to the ADC. 


Handling of the permissions may vary a 
little, and udev can be put to good use 
for other devices not automatically 

recognized, but the essential part is here. 


| might add that the solution | chose 
to handle for this is a one and only 
process to access an /O port. 


A shared memory server relays read- 
ings and writings to the 1O handling 
process. | use redis as a back end for 
the following reasons: 


m /t allows me access to the /O from 
the network from multiple clients 
(rarely multiple writing though). 


m /t allows me to dispose of IO 
readings in a coherent way 


with transactions. 


@ /t allows me to attach a validity 
period to each item of data. 


m@ And it even allows a 
PUS/SUB mechanism. 
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Of course, there is a good Python 
module too. 


Shawn Powers and SSH 
Writing letters to LJ is becoming 
habit-forming this month. 


Shawn Powers left out the scariest part 
of SSH tunnels in his article “This Is Why 
We Can't Have Nice Things: SSH” in 

the October 2014 issue. It takes some 
thought and effort to set it up right, root 
access is needed, and public/private keys 
are required, but it’s relatively easy to 
set up PPPoS (PPP over SSH) using pon 
and poff. Then, you configure NAT as 
needed at each end of the link to obtain 
Internet access unfettered by a firewall. 
Finally, redirect internal nodes to use the 
internal system that hosts that end of 
the tunnel as their default gateway. That 
should be enough to make the toughest 
admin blanch. 

—fest3er8 


Ha! Indeed, SSH is like the light saber 
of the tech world. It’s super amazing, 
but it’s fairly easy to cut your arm 
off!—Shawn Powers 


Linux Journal in Audio Format? 

| am responding to Shawn Powers’ 
article in the August 2014 issue titled 
“First Health, Now Recreation”. Since 
he mentioned Audible, | would like to 


ask if he has tried converting Linux Journal into 
an audio file? 


| love Audible, mainly because | can maximize 
the way | absorb information in a crowded train 
or while driving. (I just caught up on the last 
two LJ issues on flight when | was traveling to 
a conference yesterday.) 


| have been thinking that if | could listen to LJ, that 
would be very productive! With the fact that most 
of the time 75% of the book is readable, maybe 
Dragon Speech (which | don’t have) would work? 
—Leo Chan 


That's an interesting question, Leo. One of my 
writing tricks is that | have the computer read back 
the text to me so! can hear any mistakes that my 
eyes glance over. I’m not sure the robotic voice 
reading an entire issue would be great, especially 
when it comes to the code sections, but | wonder 
if folks with assistive reading devices have luck 
with Linux Journal’s text. Any text-to-speech 
listeners out there?—Shawn Powers 
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UP 


diff -u 


WHAT?’S NEW IN KERNEL DEVELOPMENT 


Containers are very tricky to 
implement. Trying to isolate sets of 
resources from each other completely, 
so that they resemble a discrete 
system, and doing it in a secure way, 
has to be addressed on a feature-by- 
feature basis, with many caveats and 
uncertainties. Over time, this makes 
the core kernel code more secure and 
robust, but each individual feature 
may have surprising issues. 

The whole namespace idea— 
corralling subsets of system resources 
like user IDs and group IDs, and 
performing on-the-fly translations 
between the resource names within 
the container and the corresponding 
names in the outer system—is tough 
to manage. 

Recently, Marian Marinov noticed 
that process counters in the outer 
system counted processes as being 
owned by the same user if his or 
her UIDs (user IDs) were the same 
inside two separate containers. The 
same was true for GIDs (group IDs). 
He didn’t like this, because the two 
containers represented two logically 
isolated systems, and in that context, 
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the same UIDs could refer to different 
users entirely. They shouldn't be 
counted together. 

He wanted to patch the kernel 
to isolate these values, so that the 
process counters wouldn't get them 
mixed up with each other. But, 
Eric W. Biederman didn’t like 
Marian’s idea of creating namespace- 
specific data structures within the 
kernel. He offered some workarounds, 
but Marian didn’t like any of them. He 
said they were less efficient than his 
idea, and they would require him to 
put a lot of effort into redesigning his 
particular use case, which ran a batch 
of identical containers, each built out 
of a single master template. 

Ultimately, Eric suggested 
implementing something akin to 
Marian’s idea, but only for certain 
filesystems. The problem, he said, 
was that XFS exposed too much of its 
inner workings to userspace, making 
it hard to perform the namespace 
translations correctly. If they limited 
support only to “normal” filesystems, 
Eric said, it would be much easier to 
give Marian what he wanted. 


But, James Bottomley pointed 
out that Linux distributions wouldn't 
sacrifice XFS for anything. It had already 
been tried with the USER_NS feature. 
Distributions wouldn't accept USER_NS 
unless it supported XFS. James argued 
that the same would be true here. 

Eric replied that the two cases 
were different. His solution would 
not preclude using XFS in a Linux 
distribution; it would only preclude 
using a particular use case that didn’t 
currently exist anyway. And, Eric also 
argued that XFS already had serious 
issues that made it less container- 
friendly than other filesystems. It was 
hard to migrate an XFS filesystem to 
a system with different endianness 
and word size. This meant one of the 
common container uses—migrating 
processes and containers between 
machines—already was partially off 
the table for XFS, at least for the 
moment. That being the case, Eric 
said, it didn’t make sense to go to 
great lengths to support it in a feature 
it couldn't use until so many other 
XFS characteristics had been fixed. 

The debate undoubtedly will 
continue. Ultimately, the question 
involves identifying where to draw 
a line between seemingly integrated 
features of the kernel. What parts 
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of the system can be containerized 
safely? What parts have to wait until 
other issues are addressed? In some 
cases, the end result will be much 
cleaner kernel code; in other cases, 
in the short term, much messier. 
Some features get so big and 
complicated that they can’t 
be changed easily anymore. In 
particular, it becomes harder to fix 
design flaws, because each fix has 
to account for all the existing special 
wonkiness. The printk() function 
is one example. Its code apparently 
has become such a nightmare that 
kernel developers must choose worse 
solutions to their problems, just in 
order to avoid a redesign process 
that is made so difficult by printk()’s 
current insane implementation. 
Recently, Petr Mladek submitted 
some code to allow calling printk() 
from within an NMI (non-maskable 
interrupt). This is useful when a 
system is in the midst of crashing and 
needs to output logging data to help 
the user identify what went wrong. 
The problem was that printk() needed 
to take a lock that might be held by 
another process. That’s a big no-no 
in NMls, because the whole point 
of NMls is that they never can be 
interrupted by other processes. The 
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printk() would loop forever, waiting 
for a process to release a lock, when 
that process would never get the CPU 
cycles it needed to release that lock. 
Presto, deadlock. 

Petr’s code solved this by taking the 
lock only if available and failing over 
to an alternate solution if necessary. 
Overall, Petr’s code improved the 
situation, because users actually were 
seeing lockups that could be better- 
diagnosed with printk()s in NMIs. 
Specifically, Jiri Kosina said, “we've 
actually seen the lockups triggered by 
the RCU stall detector trying to dump 
stacks on all CPUs, and hard-locking 
the machine up while doing so.” 

But, as Frédéric Weisbecker put it, 
the printk() code base was an “ancient 
design” with “fundamental flaws”. 

Its poor design forced Petr’s patch 

to be 1,000 lines long when such a 

fix ordinarily might be much smaller 
(Linus Torvalds later estimated 15 
lines as a good size for Petr’s features). 
Frédéric suggested, “shouldn't we 
rather redesign it to use a lockless ring 
buffer like ftrace or perf ones?” 

Jiri agreed that the printk() code 
base was “a stinking pile of you- 
know-what”, and that a redesign 
would be better than Petr’s stop-gap 
patch. But in fact, he said, the correct 
design was not yet known, but 
regardless certainly would take a long 
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time to implement and would delay 
Petr’s important fix that addressed 
real-world crashes. And as Frédéric 
added, there also was the danger that 
“if we push back this bugfix, nobody 
will actually do that desired rewrite.” 
At some point, Frédéric asked for 
Linus’ opinion, and Linus essentially 
torpedoed Petr’s whole approach. 
He said: 


Printing from NMI context isn’t 
really supposed to work, and we all 
know it’s not supposed to work. 


I'd much rather disallow it, and 

if there is one or two places that 
really want to print a warning and 
know that they are in NMI context, 
have a special workaround just for 
them, with something that does 
not try to make printk in general 
work any better. 


Dammit, NMI context is special. | 
absolutely refuse to buy into the 
broken concept that we should 
make more stuff work in NMI 
context. Hell no, we should not try 
to make more crap work in NMI. 
NMI people should be careful. 


Make a trivial “printk_nmi()” 
wrapper that tries to do a trylock 
on logbuf_lock, and maybe the 


existing sequence of: 


if (console _trylock_for_printk() ) 


console _unlock(); 


then works for actually triggering 
the printout. But the wrapper 

should be 15 lines of code for “if 
possible, try to print things”, and 
not a thousand lines of changes. 


Which, Petr said, was exactly what 
his patch did, but he just needed 
1,000 lines of code instead of 15 
because of how broken printk() was 
already. And Jiri said, “I find it rather 
outrageous that fixing rea/ bugs 
(leading to hangs) becomes impossible 
due to printk() being too complex. 

It’s very unfortunate that the same 
level of pushback didn’t happen when 
new features (that actually made it 

so complicated) have been pushed; 
that would be much more valuable 
and appropriate.” 

At this point, Paul McKenney 
offered a compromise. Since Petr’s 
patch was inspired by the RCU (read- 
copy-update) stall detector using NMIs 
to dump the stack, and thus needing 
printk(), Paul could rewrite the RCU 
code to avoid using NMls for the stack 
dump. This way, regular printk() would 
work, without requiring Petr’s patch. 

The problem with this was that RCU 
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wouldn't do guite as good a job of 
dumping the stack data. As Jiri put it, 
“this is prone to producing not really 
consistent stacktraces though, right? 
As the target task is still running at 
the time the stack is being walked, 

it might produce stacktraces that are 
potentially nonsensical.” 

But, Linus was insistent. He said, 
“We should stop using nmi as if it 
was something ‘normal’. It isn’t. 
Code running in nmi context should 
be special, and should be very very 
aware that it is special. That goes 
way beyond ‘don’t use printk’. We 
seem to have gone way way too far 
in using nmi context. So we should 
get rid of code in nmi context rather 
than then complain about printk 
being buggy.” 

So, Paul’s solution, even being 
known to provide worse stack dumps 
than Petr’s, would be adopted, 
simply because it could avoid making 
further changes to printk(). Jiri said, 
“| feel bad about the fact that we 
are now hostages of our printk() 
implementation, which doesn't allow 
for any fixes/improvements. Having 
the possibility to printk() from NMI 
would be nice and more robust... 
otherwise, we'll be getting people 
trying to do it in the future over and 
over again, even if we now get rid of 
it at once. ”"—ZACK BROWN 
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Android Candy: 
Google Keep 


= = ¥ fe} 


First Snow 


Pick up hose 
Put out heated birdbath 


| love Evernote. | pay fora premium Google Keep. 


membership, and to be honest, | It's pretty neat. Honestly though, 
don’t think | even use the premium even though Google Keep has 
features. | just love Evernote matured quite a bit, | don’t see 

so much, | want to support the it as a competitor with Evernote. 
company. But in the spirit of fair | thought that was what it was 
comparison, | forced myself to try going to be, but to me it seems 
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more like a really awesome sticky- 
note program that syncs seamlessly 
between devices. The Web interface 
(http://keep.google.com) mirrors 
the Android app almost exactly, 
and it syncs in what seems like 
real time. You can grab notes 
to rearrange them, and yes, you 
can search notes using Google's 
powerful search engine. 

Perhaps it’s the lack of integration 
with other apps, or perhaps it’s 
just that Google Keep is so new 
compared to Evernote, but | 
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couldn't use it on a daily basis for 
more than quick notes here and 
there. I'd be curious to know if 
there are any Google Keep fanatics 
out there who can't imagine 

life without it. For me, Evernote 
combined with Nixnote is still the 
ultimate tool for keeping track of, 
well, everything! Download Google 
Keep from the Google Play store 
and give it a try. It really is a neat 
app, and if you're not an Evernote 
addict, it might be perfect! 
—SHAWN POWERS 
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A GUI for Your CLI? 


For new Linux s 


CLI Companion eee tee: 


Search: Vv _#Command List 


User Input 


package 


search string 


users i h e File Command Process Terminal Help 
comman d ne LocalCommands | CommandlineFU Commands 
; Command 
is arguably dpkg 1? 
the most SE 
intimidating silanes 

. iwconfig 
ThHlhG.: FOr ifconfig a 

Isb_release -a 


crusty veterans 
like me, green 
text on a black 


uname -a 


spowers@arlene:~$ df -h 


3 19G 
background is Pan 
3.9G 
as cozy as fuzzy 737 
Slippers by a aa 
fireplace, but 192.168.1.10:/videos ge 
. 192.168.1.8:/share 5.47 

| still see CLI spowers@arlene:~$ [] 


Companion as 
a pretty cool 
application. 
The concept is pretty easy. It’s 
a GUI environment that allows 
you to double-click your way 
into entering CLI commands. You 
can create your own commands 
(sort of like bookmarks for the 
command line), or you can search 
from within the large database of 
common applications. Oh, and if 
the command requires command- 
line arguments? The application 
pops up a window prompting you 
to enter them in. 
If you're a dyed-in-the-wool Linux 


Execute 


© cancel 
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Size Used Avail Use% 


6.9G 
i) 
4.0K 
1.44 
) 
19M 
28K 
886 
15T 
a. 7T 


wip Add 


sudo apt-get update && sudo apt-get upgrade 


Mounted on 


116 
4.0K 
3.96 
795M 
5.0M 
3.9G 
100M 
552G 
2.0T 
3.7T 


/ 
% /sys/fs/cgroup 
1% /dev 
% /run 
% /run/lock 
% /run/shm 
% /run/user 
% /home 
% /mnt/videos 
% /mnt/odie 


Edit Ti Delete Hel Quit 
4 Oo Qrebp © 


gAdd tab 


professional, CLI Companion might 
seem like a silly thing to install. If 
the command line is intimidating, 
on the other hand, it might be 
the perfect tool to help you gain 
mastery. Heck, as | scrolled through 
the database of applications, | 
learned a few command-line tools 
| didn’t know existed! 

If a GUI CLI is an oxymoron 
you'd like to check out, surf 
over to https://launchpad.net/ 
clicompanion and check it out. 
—SHAWN POWERS 
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Non-Linux FOSS: Don’t 
Type All Those Words! 


We mention Autokey = 


C.\Users\spowers\Documents\AutoHotkey.ahk - AutoHotkey v1.1.16.05 Shih 


\ Help 
Script line: 


later in this issue as 
a great tool for text 

replacement in real time ee 
on Linux. Thankfully, 
there's an option 
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Autokey! AutoHotkey 
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application that —_ 
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AutoHotkey,ahk - Notepad eis 


3 IMPORTANT INFO ABOUT GETTING STARTED: Lines 
3 semicolon, such as this one, are comments. Ihey are not executed. 


al filename a 

a tpancied when you run ane eres directly. Also, aa text file whose 

3 name ends ahk is associated with the program, which means that it 

3 can be cieachea simply “as double-clicking it. You can have as many .ahk 
files as you want, located in any folder. You can also run more than 

simultaneously and eac! 


are two sample hotkeys. 
3 launches a web site in the default browser. Ihe second is Control+Alt+N 
; and it launches a new Notepad window (or activates an existing one). To 
3 try out these hotkeys, run Autollotkey again 


#z::Run www. autohotkey.com 


Ens: 
IfWinExist Untitled - Notepad 


that start with a 


ind path because it is automatically 


h will get its own tray icon. 


The first is WineZ and it 


» which will load this file. 


>> TitleMatch Mode~slow Visible Text x<<< 


2922( TileMatchMode=sdow Hidden: Ted Jocee 


runs strictly under 
Windows. It’s still FOSS, but there’s 
unfortunately no version for Linux. 
The premise for AutoHotkey is the 
same as Autokey for Linux. Type a quick 
short bit of text, and it will expand 
that shortcut into the predefined text 
you tell it to use. | find this useful 
while programming, as creating those 
curly braces in pairs is very useful. 
The program is a bit of a bear to 
configure, because there’s no GUI to 
configure keys. In order to configure 
the program, you write a text-based 
script that defines your shortcuts. 
AutoHotkey (AHK it’s sometimes 
called) even allows you to pre-compile 
your shortcuts into an executable so 


you don’t need to re-program them 
when you move to a new computer. 
Grab your .exe file, and run it when 
you visit your folks for the holidays. 
(But don’t make a shortcut that 
automatically misspells your sibling's 
name when your parents type it...or if 
you do, don’t blame me!) 
AutoHotkey is free, and it’s 
available at http://ahkscript.org. 
There's a nice quick-start tutorial as 
well to help you get started, because 
like | mentioned, it’s a little rough at 
first. If you're stuck typing a lot of 
text on a Windows machine, check 
out AutoHotkey today! 
—SHAWN POWERS 
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Computing without 


a Computer 


I've covered a lot of various pieces 
of software that are designed to 
help you do scientific calculations 
of one type or another, but | 

have neglected a whole class of 
computational tools that is rarely 
used anymore. Before there was the 
electronic computer, computations 
had to be made by hand, so they 
were error-prone. To try to minimize 
these human errors, shortcuts 

and aids of one form or another 
were developed. 

A common computational 
problem is to solve equations of 
some number of variables. The tool 
that was developed for this class 
of problem is the nomograph, or 
nomogram. A nomograph uses 
a graphical representation of an 
equation to make solving the 
equation as simple as setting down 
a straightedge and reading off 
the result. Once a nomograph is 
constructed, it is one of the fastest 
ways to solve an equation by hand. 

In this article, | explore some 
common nomographs that many 
of you likely will have seen, and | 
take a look at a Python package, 
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PyNomo (http://www.pynomo.org), 
that you can use to create your 
own. | also walk through creating 
some new nomographs, which 
hopefully will inspire you to try 
creating some too. 

First, let me explain what a 
nomograph actually is. Electrical 
engineers already should have 
seen and used one example, the 
Smith chart. This chart provides a 
very quick way to solve problems 


Figure 1. With a Smith chart, you can work 
on problems around transmission lines 
and circuit matching. 


involved with transmission lines 
and matching circuits. Solving these 
types of problems by hand was a 
very tedious task that wasted quite 
a lot of time, so the introduction 

of the Smith chart increased 
productivity immensely. 

A Smith chart is scaled in 
normalized impedance, or 
normalized admittance, or both. 

The scaling around the outside is 

in wavelengths and degrees. The 
wavelength scale measures the 
distance along the transmission line 
between the generator and the load. 
The degree scale measures the angle 
of the voltage reflection coefficient 
at that point. Since impedance and 
admittance change as frequency 
changes, you can solve problems 
only for one frequency at a time. The 
result calculated at one frequency 

is a Single point on the Smith chart. 
For wider bandwidth problems, you 
just need to solve for a number of 
frequencies to get the behaviour 
over the full range. But, because 
this isn’t meant to be a lesson in 
electrical engineering, | will leave it 
as an exercise for the reader to see 
just how many other problems can 
be solved with a Smith chart. 

Another example, which should 
be recognizable to any parent, is 
the height/weight charts used by 
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doctors. These charts allow a doctor 
to take the weight and height of a 
child and see where he or she fits 
on a nonlinear scale that compares 
one child to the available statistics 
of a population very quickly. This 
is much easier than plugging those 
values into an equation and trying to 
calculate it manually. 

But, what can you do if you 
want to use a totally new type 
of nomograph? Enter the Python 
module PyNomo. The easiest way 
to install PyNomo is to use pip. 
You would type: 


pip install PyNomo 


You may need to preface this 
command with sudo if you want 
it installed as a system module. To 
get started, you need to import 
everything from the nomographer 
section with: 


from pynomo.nomographer import * 


This section contains the main 
Nomographer class that actually 
generates the nomograph you want 
to create. There are ten types of 
nomographs that you can create 
with PyNomo: 


@ Type 1: three parallel lines 
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M Type 2:NorZ 

@ Type 3: N parallel lines 

® Type 4: proportion 

M Type 5: contour 

™ Type 6: ladder 

® Type 7: angle 

M Type 8: single 

™ Type 9: general determinant 
™ Type 10: one curved line 


Each of these also is described by 
a mathematical relationship between 
the various elements. For example, 
a type 1 nomograph is described by 
the relationship: 


Fitul) + F2(u2) + Fs(u3s) = 0 


Each element of a given 
nomograph must be of one type 
or another. But, they can be mixed 
together as separate elements of 
a complete nomograph. A simple 
example, borrowed from the 
PyNomo examples on the main Web 
site, is a temperature converter for 
converting between Celsius and 
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Fahrenheit degrees. It is generated 
out of two type 8 blocks. Each 
block is defined by a parameter 
object, where you can set maximum 
and minimum values, titles and 

tick levels, as well as several other 
options. A block for a scale going 
from —40 to 90 degrees Fahrenheit 
would look like this: 


F_para={'tag':'A', 
"u_min': '-40.0, 
"u_max':'90.0, 
‘function': lambda u:celcius(u), 
Mele or Svc tircs. EF", 
"tick_levels':4, 
"tick, text level's’ :3, 
‘align _func':celcius, 
"title_x_shift':@.5 
} 


You will need a similar parameter 
list for the Celsius scale. Once you 
have that, you need to create block 
definitions for each of the scales, 
which looks like this: 


C_block={'block_type':'type 8', 
'f params':C_para } 


The last step is to define a 
parameter list for the main 
Nomographer class. For the 
temperature converter, you can 
use something like the following: 


main_params={'filename':'temp_converter.pdf', 
‘paper_height':20.0, 
‘paper_width':2.0, 
‘block_params':[C_block,F_block], 


‘transformations':[('scale paper')] 


Now you can create the 
nomograph you are working on 
with the Python command: 


Nomographer (main_params) 


A more complicated example 
is anomograph to help with the 
calculations involved in celestial 
navigation. To handle such a 
complex problem, you need to use 
a type 9 nomograpnh. This type is 
a completely general form. You 
need to define a determinant 
form to describe all of the various 
interactions. If the constituents are 
functions of one variable, they will 
create a regular scale. If they are of 
two variables, they will create a grid 
section. For example, one of the 
single scales in this example would 
look like this: 


‘g': Lambda u:-cos(u*pi/180.0) 
Whereas the grid is defined by: 


'g grid': lambda u,v:-sin(u*pi/180.0)*sin(v*pi/180.0) 
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Figure 2. 

A simple 
nomograph 

is a Celsius- 
Fahrenheit 
temperature 
conversion scale. 
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Figure 3. You even can do something as complicated as celestial navigation with 


a nomograph. 


steps in generating the nomograph. 


The last step is to apply any 


Once this nomograph is 
constructed, you can use it to 


transformations to the various 


compute the altitude azimuth. 


parts. Transformations to individual 


PyNomo goes through several 
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components can be applied only to type 9 
nomographs. If you do apply transformations 
to individual components, you need to make 
sure that relative scalings between the various 
parts are still correct. For other nomograph 
types, transformations can be applied only 
to the entire nomograph. There aren't a 
large number of transformations available 
yet, but there are enough to handle most 
customizations that you may want to make. 
The transformations available are: 


™ scale paper: scale the nomograph 
to the size defined by paper_height 
and paper_width. 


® rotate: rotates the nomograph through 
the given number of degrees. 


® polygon: applies a twisting transformation 
to the tops and bottoms of the various scales. 


M optimize: tries to optimize numerically 
the sum squared lengths of the axes 
with respect to paper area. 


With these transformations, you should be able 
to get the look you want for your nomograph. 

Now that you know about nomographs, 
and even more important, how to make them, 
you really have no excuse to avoid your trip 
to that isolated South Pacific island. Go ahead 
and play with PyNomo and see what other 
kinds of nomographs you can make and use. 
—JOEY BERNARD 
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You may be 
disappointed if 
you fail, but you 
are doomed if 
you don’t try. 
—Beverly Sills 


One person with 
a belief is equal 
to a force of 

99 who have 

only interests. 
—John Stuart Mill 


The freethinking 
of one age is the 
common sense 
of the next. 
—Matthew 
Arnold 


Real success is 
finding your 
lifework in 
the work that 
you love. 
—David 
McCullough 


The secret of 
happiness is to 
make others 
believe they are 
the cause of it. 
—Al Batt 
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Autokey: 
Shorthand 
for Typists 


For years | avoided installing 
keyboard shortcut tools on my 
computers. | thought dog-gonnit, 
if something needed to be typed 
out, I'd type every letter myself. 
Recently | capitulated, however, 
and | must say, going back seems 
unlikely. If you've never tried a 
text-replacement app, | highly 


! EDITORS’ 
CHOICE 


recommend doing so. The time 
it saves is incredible, and after | 
abandoned my grouchy old ways, 
I've grown to love it. 
Unfortunately, there aren't too 
many options in Linux for really 
good text-replacement apps. My 
personal favorite is Autokey. It 
can be a challenge to set up, 


File Edit Tools Help 
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(Default folder)/My Phrases/First phrase.txt 


Typing long sentences is for shmucks! 


Phrase Settings 
(| Always prompt before pasting this phrase 


E |A Show in notification icon menu 


Paste using | Keyboard A 


Abbreviations: ttt Set J clear 
Hotkey: (None configured) Set | 4 Clear | 
Window Filter: .* - gedit Set | Gf Clear 

‘A 


but that’s mainly because it’s 

so powerful. If you want text 
replacement to work only in a 
particular app (think programming 
code shortcuts), it can be set to 
work only with those apps. If you 
want to have a special hotkey 
required before text replacement 
works, that’s an option too. In the 
screenshot here, you can see | make 
a simple auto-replacement shortcut 
so that every time | type “ttt”, It 
replaces it with a sentence. It works 
only in gedit, because that’s the 
constraint | set in the settings. 


Even though it has a very 
complicated interface, the Autokey 
program is a great program, and 
one we hope continues to get 
updated once it no longer works. 
It's currently available for Ubuntu 
12.04 and below, but it will 
install on recent versions without 
a problem. Autokey takes this 
month's Editors’ Choice award, 
because once you Start using it, 
you won't be able to imagine life 
without it! Get your copy today at 
https://code.google.com/p/autokey. 
—SHAWN POWERS 
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Multitenant 


Sites 


REUVEN M. 
LERNER 


One server and one program can service many sites. Here’s an 
introduction to “multitenant” applications. 


For some time now, there has 
been tremendous growth in the 
world of Web applications. It’s quite 
amazing to see what you can do 
just via a Web browser—not only 
can you buy just about anything, 
but also a growing number of sites 
offer “software as a service”, often 
abbreviated as SaaS. The idea is that 
in exchange for a monthly service 
fee, you get access to a service. 
Many thousands of such services 
exist that take care of anything 
from Git repositories (for example, 
GitHub and BitBucket), e-mail 
services (for example, AWeber and 
MailChimp), invoicing systems, 
time-tracking systems, calendar 
systems, e-commerce systems, 
e-learning systems—you name it. 

As Web developers, you can create 
your own SaaS applications. That's 
right—with little more than a Linux 
box, a database, a programming 
language and a Web framework, 
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you're positioned to create a new 
SaaS application. With a good 

idea, some hard work and good 
marketing, you'll be on your way to 
having a successful business. 

There are numerous models for 
how SaaS can work. Sometimes, you 
have a user name on a system, and 
you're simply interacting with your 
view of the world. But sometimes, 
an SaaS app gives you what appears 
to be an entirely new domain. So if | 
get an account on SuperDuperSaas.com, 
everything | do will be under 
lerner.SuperDuperSaas.com. 

Programs allowing for this 
are known as “multitenant” 
applications. It’s possible, of 
course, that each new subdomain 
involves the rollout of a new 
virtual machine. But there also are 
ways that you can make a single 
computer, with a single instance 
of the application, provide the 
same illusion of an infinite number 
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of domains. Moreover, doing so 
is not nearly as difficult as you 
might think. 

In this article, | look at several 
techniques that make it possible 
for you to create and maintain such 
multitenant applications. These 
techniques can be used in an SaaS 
product or any other application in 
which the software can and should 
respond differently to a variety of 
hostnames or domain names. 


It’s All Thanks to HTTP 

HTTP, the Hypertext Transfer 
Protocol, is so ubiquitous that 

most people barely give it any 
thought. Even someone like me, 
who works nearly every day on Web 
applications, knows that HTTP exists 
and what it does—and yet, | don’t 
think about it too much. However, 
multitenant applications owe their 
existence to growth in the earliest 
days of the Web. 

The first version of HTTP that | 
encountered, back in 1993, was 
described as version 0.9. That version 
was a simpler protocol than the 
one we know today, but it already 
included the basic GET and POST 
actions—that is, you could connect 
to an HTTP server on port 80, and say: 


GET / 


The server would, if all went well, 
send the contents of its home page 
(typically formatted with HTML) back 
to the HTTP client. At that point, the 
connection would close. 

Although HTTP 0.9 worked well 
for many simple cases, the explosive 
growth of the Web meant that 
it wasn't good enough for many 
complex ones. One particularly 
common, and particularly painful, case 
was that of Web hosting companies: 
HTTP 0.9 required that each Web site 
have its own IP address. If you set up 
a Linux-based server with a single IP 
address but multiple hostnames, it 
wasn't possible for the HTTP server to 
distinguish between them. 

This changed when HTTP 1.0 was 
released and required that a “Host” 
header be sent along with the action 
and pathname. Now, a simple request 
looked like: 


GET / HTTP/1.0 
Host: lLerner.co.il 


The first line changed, such that 
it incorporated the version number 
of HTTP that was being used. This 
was done so as to have backward 
compatibility with HTTP 0.9 clients. 
The second line was defined to be 
the first of several “request headers”, 
name-value pairs that could be sent 
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Given that a server now could distinguish between 
different hosts, even on the same IP address, it 
was possible to have a single server provide Web 
hosting capabilities for any number of different 


domains and hostnames. 


from the client to the server. 

These request headers have grown 
in scope through the years, and 
now include everything from the 
hostname to cookies to content type 
to caching information. But for my 
purposes in this article, the most 
important part of this request was 
the “Host” request header. Given 
that a server now could distinguish 
between different hosts, even on 
the same IP address, it was possible 
to have a single server provide Web 
hosting capabilities for any number 
of different domains and hostnames. 

In other words, it was now possible 
to have the same Web server provide 
hosting to CompanyA.com and 
CompanyB.com, without either 
knowing of or seeing each other. 
The Web server would know to route 
requests for CompanyA.com to one 
directory of programs and HTML files, 
and CompanyB.com to a second, 
completely separate directory of 
programs and HTML files. 

This might be obvious to anyone 


32 / DECEMBER 2014 / WWW.LINUXJOURNAL.COM 


who knows about domains, 
hostnames and DNS, but from the 
perspective of the server, it didn’t 
matter if it had to distinguish 
CompanyA.com from CompanyB.com, 
or abc.CompanyA.com from 
def.CompanyA.com. That is, different 
hostnames within the same domain 
were treated similarly to different 
domains. True, DNS and HTTP server 
configuration files made it easier 

to send *.CompanyA.com to the 
same location, but at the end of 
the day, your HTTP server sees 
different hostnames and, thus, 

can react differently. 

“Virtual hosts”, as they became 
known, shared an IP address and a 
computer, and so from the perspective 
of a programmer or IT manager, they 
were all under the same umbrella. 
From the perspective of the outside 
world, these were completely 
different Web sites. Perhaps they 
shared an IP address, and thus a 
hosting provider, but that was the 
only thing they had in common. 
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Multitenant 
Today, it’s trivial to service different 
hostnames under the same HTTP server. 
As | indicated previously, you simply tell 
Apache (or nginx, or whatever HTTP 
server you use) that the two hosts exist 
in different directories, and that they 
should be treated differently. With 
such a configuration in place, there is 
no connection whatsoever between 
the different hostnames. This actually 
makes it easier to move Web sites from 
one machine to another. You scoop 
up the virtual host’s configuration file 
and move it to another machine, along 
with the programs and static assets— 
that is, HTML files and images. 

Indeed, a huge industry of cheap, 
on-demand Web hosting perhaps 
has made this the most common way 
servers are allocated and used. Even 
my own personal server has five to 
ten different virtual hosts on it at any 
given time, between personal projects 
and demos of client applications. 

A multitenant application turns 
this idea on its head. Rather than 
using a single server, with a single IP 
address, to service a large number 
of different applications, each with 
its own hostname, you will have 
many different instances of the same 
application. That is, you‘ll have both 
CompanyA.com and CompanyB.com 
point not only to the same IP address, 
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but also to the same instance of your 
Web application. 

This might sound strange, until 
you consider that because modern 
versions of HTTP always pass a 
“Host” header, and because all of the 
HTTP request headers are available 
to a Web application, you can write 
a single application that will work 
on multiple hosts. Consider that 
BigCompany.com has two different 
divisions and a separate Web site 
for each division. The site should be 
completely identical in both cases, 
except that the contact phone 
number and address should reflect 
the coast that the user has reached. 

You can use the “Host” request 
header in an “if” statement inside 
the application, and thus display the 
information that is appropriate. This 
is a classic example of multitenant 
sites, although it’s certainly not the 
most complex of them. 


Multitenant with Sinatra 

Let’s implement the above scenario 
using Sinatra, a very small and 
lightweight Web application 
framework written in the Ruby 
language. In the July 2014 issue of LJ, 
| covered a similarly small framework, 
known as Flask, written in Python. 
Such frameworks often are perfect 
for simple sites and example code. 
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There are a number of ways that 
you can create a Sinatra application. 
My preference is to do so ina 
directory, along with a Gemfile and a 
config.ru file. This took less than five 
minutes for me to set up on my own 
computer. First, | created a directory 
called “multiatf”. In that directory, | 
created a file called “Gemfile”, which 
is where | will name the Ruby gems I'll 
be using for this application: 


source ‘https://rubygems.org' 
gem "Sinatra", :require => "Sinatra/base" 


gem ‘shotgun' 


The first line says that | want to 
retrieve gems from Rubygems.org, 
the official and standard location. The 
second line says that | want to use 
the “sinatra” gem, but that | don't 
want to require “Sinatra”, but rather 
“sinatra/base”. Finally, | name the 
“shotgun” gem, which provides for 
automatic reloading of Sinatra apps— 
precisely the sort of thing | want when 
I’m developing an application. 

Before continuing, | then run 
bundle install, which ensures that 
all of the gems named in the Gemfile 
have been installed. It creates a file 
named “Gemfile.lock”, which lists the 
precise names and versions of each 
gem I'll be using in my application. 
This list includes those gems | have 
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named explicitly and those upon 
which my named gems depend. It 
is worth taking a look at Gemfile.lock 
sometime; it may well give you 
insights into how your Sinatra and 
Rails applications work. 

Next, | write a “config.ru” file, 
sometimes known as a “rackup file”, 
which tells Rack—Ruby’s standard 
interface between HTTP servers and 
applications—where my application’s 
code Is located and how to execute it. 
The file looks like this: 


require ‘bundler’ 


Bundler.require 


‘7 MULTIAtT. rb" 
run Sinatra: :Application 


require 


The first line loads the “bundler” 
gem. Bundler is an increasingly 
indispensable gem in the Ruby world, 
in that it manages the versions of your 
gems for you, ensuring that they will 
not require conflicting versions of a 
gem. After loading Bundler, you then 
use the “require” class method, which 
reviews your Gemfile.lock and loads 
the gems named within. 

Next, the “require” statement reads 
a Ruby file named “multiatf.rb” in the 
current directory. That is the actual 
application code, and it’s the file | 
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will be writing and modifying most of 
all. Loading it means that Ruby will 
read the contents of the code. In the 
case of my Sinatra app, that means 
taking the various “get” and “post” 
declarations and turning them into 
the appropriate routing map, such 
that the appropriate code block is 
executed for each URL. 

Then, once the application has 
been loaded, config.ru invokes 
Sinatra: :Application. That starts 
the application up and running. 

The final step in putting the 
application together is the multiatf.rb 
file. This also consists of very little code, 
but potentially could be quite large: 


require ‘sinatra' 


get '/' do 
"Hello from server '#{request.host}'" 
end 


The first line loads the Sinatra code. 
Next is something that looks vaguely 
like a method definition, but isn’t. 
Rather, it tells Sinatra that if someone 
makes a request to the / URL, it 
should return a string. In this case, the 
string isn't static, but rather contains 
a dynamic portion, including the 
value of “request.host”. As you can 
imagine, this value will vary according 
to the hostname you are using. 
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To start this up on my development 
machine, | ran: 


shotgun multiatf.rb 


This produces output telling me 
that Shotgun is now running my 
application on port 9393, using Ruby’s 
built-in WEBrick server. | can now 
go to my Web browser, and load up 
http://localhost:9393, and because of 
the get / declaration in my Sinatra 
file, that method is fired. | get a nice 
message telling me: 
"Hello from server 'lLocalhost'" 

But, what if it isn’t localhost? What 
if | go to another server name? For 
example, | added the following two 
lines to my /etc/hosts file: 


127 0,01. atti 
12720021. att2 


In other words, when | tell my 
Web browser to go to host “atf1", 
it'll go to 127.0.0.1, and it will send, 
in the “Host” HTTP request header, 
the server name “atf1”. The output 
then will be: 


Hello from server ‘atf1' 


The same will be true for “atf2”. 
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In many cases, showing different hostnames 
isn’t enough. You may want to show a different 
business name or a different address. 


Showing Different Content 

Thus, you've seen how you can 
have different output, based on 
the value of the server name. This 
seemingly simple fact opens the door 
to the entire world of multitenant 
systems. For example, you could 
imagine a company doing business 
under a variety of names, which 
would want to have the same Web 
application running, but showing 
the current domain name. All you 
have to do is change your strings, 
or your templates, to reflect the 
current hostname. 

In many cases, showing different 
hostnames isn’t enough. You may 
want to show a different business 
name or a different address. In 
order for that to happen, you'll 
need some additional data. The best 
and most scalable way to do this 
is a relational database, but you 
can simulate one with a Ruby hash 
that will be good enough for the 
purposes of this article. 

In this case, let's define the hash 
such that it contains two keys, one for 
each of the hosts to recognize. Then, 


36 / DECEMBER 2014 / WWW.LINUXJOURNAL.COM 


let’s pull out the company’s name 
from the hash, based on the key. 

| thus change multiatf.rb to read 
as follows: 


require 'sinatra' 


hosts = {'atfl' => {name: 'First ATF site', 
address: '111 Main Street'}, 
‘atf2' => {name: ‘Second ATF site’, 


address: '222 Elm Street'} 


get '/' do 
"Welcome to '#{hosts[request.host][:name]}', located at 
w= '#{hosts[request.host] [:address]}'!" 


end 


The idea here is simple, but the 
effects are profound. This is how 
each domain can appear different, 
even if the content is the same. 
You can imagine going even further 
than this, pulling in a different CSS 
stylesheet to an HTML page based 
on the hostname, or having it show 
different pictures. 

If you are using a relational 
database, you can enter each new 
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tenant site in a table, giving each 

a unique ID number. You then can 
use that ID as a foreign key, adding 
(for example) this “site_id” value in 

a table describing merchandise. For 
example, one of my clients manages 
about 30 different sites, each with 

its own set of real-estate offerings. 
These 30 sites are actually running 
ona single Web application, with 

a single database. However, based on 
the hostname through which the user 
enters the site, the software displays 
a different set of properties. This has 
made the site and the software easy 
to manage, scale and grow. Each 
time a new site needs to be added, 
the biggest task is to update the 

SSL certificate, such that it includes 
the new hostname. Otherwise, the 
system works automatically, with the 
(nontechnical) company managers 
able to create new sites within several 
minutes, merely by filling out an HTML 


Resources 


form. That form allows them to add 
a new entry into the “sites” table. 
The hostname is used to look up the 
site ID, whose value is then used to 
display properties. 

Next month, I'll continue with 
this topic, discussing not only how 
you can have the same site produce 
similar content, but how you can 
configure it such that different users 
can manage their own sites, without 
interfering with the overall software 
and functionality.™ 


Reuven M. Lerner is a Web developer, consultant and trainer. 
He recently completed his PhD in Learning Sciences from 
Northwestern University. You can read his blog, Twitter feed and 
newsletter at http://lerner.co.il. Reuven lives with his wife and 
three children in Modi'in, Israel. 
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or to ljeditor@linuxjournal.com. 


The Sinatra home page is at http://sinatrarb.com. 


For information and ideas about multitenant sites in Ruby on Rails, you might want 


to read Multitenancy with Rails, an e-book written by Ryan Bigg and available at 


https://leanpub.com/multi-tenancy-rails. Although the book specifically addresses 


multitenancy with Rails, it offers many ideas and approaches that are appropriate for 


other software systems. 
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Power Shell 
History and the 
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DAVE TAYLOR 


find Command 


Dave explores Bash command-line history and delves into 
the super-powerful find command. 


It has been a while since | spent 
some time looking at basic command- 
line features and how they tie in to 
Shell scripts, so | thought it'd be a 
good time to go back to basics. Let's 
start with some fundamentals of 
command-line history, actually. 

If you're like me, you're stuck in 
a rut, either using ! xx to repeat 
the most recent command starting 
with that letter or those letters, or 
using the arrow up/down keys to 
step through your command history 
and find a specific command. | 
definitely get intoa!v !cc !. loop 
when I’m developing software, for 
example—useful. 

But, there's a lot more that 
your Bash shell can do in terms of 
manipulating your command history. A 
common one is to search for a specific 
command, then repeat it with the 
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command's numeric ID, like this: 


$ history | grep find 
P13 find $HOME -name "*.zip" -print 
$ !213 


Make a typo on the command? 
You can use arrow keys to monkey 
around and fix it, but that can be 
tedious. Instead, use the 4old4new 
replacement sequence: 


$ pc oldfile newfile 


-bash: pc: command not found 
$ “pc“cp 

cp oldfile newfile 

$ 


It’s super helpful, and notice that 
Bash echoes the corrected command 
so you know what's going on too. 

One of my favorites is to repeat 
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all the arguments of the previous 
command but not the command itself. 
Use !*, like this: 


$ vi filel file2 file3 
o ep 1? «= 


Got that? The cp command will 
copy each of the three files to your 
home directory for safekeeping. 

You also can select individual 
parameters by index number too, as 
| demonstrate here: 


$ echo Listening to the soundtrack from cloud atlas 


listening to the soundtrack from cloud atlas 


$ echo !!:3 
echo the 

the 

$ echo !!:3-5 


-bash: :3-5: bad word specifier 


Hmm...what went wrong on that 
second example? Did you figure it 
out? The !! applies to the command 
immediately before the current 
command, so the long string of 
listening to the soundtrack 
from cloud atlas is not what's 
being modified, and there are only 
two words in the immediately previous 
command (echo the). 

There are two ways to get the latter 
example to work, either have it come 
immediately after the longer echo 


statement or tap into the power of 
Bash history modifiers even further by 
referencing the command by its number: 


$ history | grep cloud atlas 
508 echo Listening to the soundtrack from cloud atlas 
$ echo !508:6-7 
echo cloud atlas 
cloud atlas 


$ 


Obviously, the shell’s habit of echoing 
the expanded command before it 
actually executes it makes these 
examples a bit annoying, but they 
demonstrate the concept, and quite 
frankly, sometimes when you're working 
with the shell, a bit of redundancy isn’t 
such a horrible thing anyway. 


The Incredible find Command 
Enough command-line history though. 
Let's shift to the rather insanely 
complicated find command instead. 
There's actually quite a bit you can do 
with find, and that’s why it ends up 
being a really complex utility. Worse, Its 
command-line parameters are specified in 
a format quite different from most Linux 
commands because they’re generally 
in -parameter value pairs, except the 
very first parameter, which specifies the 
starting directory for the search. 

Unless it’s command-line flags that 
aren't in the -parameter value format. 
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To make this more fun, there are 
different versions of find floating 
around, depending on what flavor of 
Linux you’re running—UNIX, NetBSD, 
Darwin and so on. I'll try to talk about 
general approaches to working with 
find, but if you encounter hiccups, 
check your man page (man find) to 
see what your local variant should be. 

The most basic use of find is to 
search for filenames that match a 
specific pattern—for example, all “C” 
source files in the home directory or 
any subdirectory thereunder: 


$ find ~ -name "*.c" -print 


On modern find commands, the 
-print parameter is redundant and can 
be omitted, but if you've an old-school 
version of find, omitting it might result 
in zero output—not so useful. 

find can check a lot of different 
characteristics of files too. Here’s the 
same search, but this time, let’s say 
you want only C source files that are 
more than 1K and have been created 
30 or fewer days old: 
$ find ~ -name "*.c" -ctime -30d -size +1k -print 

And now, here's an explanation, 
because | know you need one. 

Times can be specified in seconds, 
minutes, hours, days or weeks by 
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specifying “smhdw", respectively. Size 
is specified in kilobytes, megabytes, 
gigabytes, terabytes and petabytes 
with “kmgtp”, respectively. 

Then, a specified value defaults to 
an exact match, so -ctime 30d will 
match only files that were created 
exactly 30 days earlier—not quite 
so useful. So, the - prefix means 
“less than or equal to”, and + means 
“greater than or equal to”. Got it? 

You also can search for files by 
permission string, which is darn useful 
for administrators. In fact, a very 
common search that you should do 
occasionally ts this: 


$ find / -perm -4000 -user root -print 


This introduces yet another 
parameter: -owner. There’s also a 
group value if you want to check 
group ID, although in modern Linux 
that seems to be far less utilized than 
it was back in the old days—progress, 
or something like that. 

find has an -exec parameter that’s 
worth exploring too, because it lets 
you invoke arbitrary Linux commands 
on each and every matching file. So 
you started with a basic command 
to list all C source files by looking 
for matches with the simple pattern 
* c, but the output of that is just the 
filenames—boring. 
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Instead, -exec can let you output an 


ls -1 result for each one just as easily: 


$ find ~ -name "*.c" -exec ls -1l '{}' \; 
-rw-r--r-- 1 taylor staff 250 Jul 4 09:07 
/Users/taylor/Documents/Books/Wicked-Cool-Scripts-10th-Ed/ 


»Scripts.new/077-epoch.c 


-rwxrwxrwx 1 taylor staff 631 Sep 9 2009 /Users/taylor/ 
»Documents/Linux Journal/distance-between.c 
-rw-r--r-- 1 taylor staff 377 Apr 6 2012 /Users/taylor/ 


»Documents/Linux Journal/fixdict.c 


rw-r--r--@ 1 taylor staff 6848 May 1 2013 
/Users/taylor/Documents/old. intuitive.com/intuitive.com/ 
=»scripts/adt/get-adt-news.c 

-rw-r--r-- 1 taylor staff 6848 Jun 8 2013 
/Users/taylor/Documents/server cli files and 


archives/scripts/adt/get-adt-news.c 


-rw-r--r-- 1 taylor staff 3085 Aug 1 22:47 
/Users/taylor/Library/Application Support/Plex Media 


Server/Plug-ins/Framework.bundle/Contents/Resources/ 


»PLatforms/Shared/Libraries/tornado/epoll.c 


It seems like pretty complicated 
output, but really, it’s just an 1s -1 
with a lot of subdirectories making 
things look more complicated. You 
can handle that, right? 

The parameters required for -exec are 
tricky. The {} sequence is replaced with 


the matching filename, but without the 
quotes, it'll be preprocessed and removed. 
And, the weird \; sequence is because 
-exec needs to know how far to read 
on the parameter list, so it reads until 
the ;. But again, that'd be interpreted 
by Bash before even being given to 
find without the backslash—hence \;. 

So, a really common way for sysadmins 
to search for setuid root programs Is a 
slight variant on the above: 


$ find / -perm -4000 -user root -exec ls -1 '{}' \; | 


mail -s "setuid programs and scripts" admin 


That'll send an e-mail report that 
lists all files with setuid and owner 
root to the e-mail address “admin”. 

That's it for this article. Next time, 
I'll talk about the find|xargs 
command pipe pair and the 
substantial problem with files and 
directories that contain spaces.™ 


Dave Taylor has been hacking shell scripts for more than 30 years. 
Really. He's the author of the popular Wicked Cool Shell Scripts 
(and just completed a 10th anniversary revision to the book, 
coming very soon from O'Reilly and NoStarch Press). He can be 
found on Twitter as @DaveTaylor and more generally at his tech 
site http://www.AskDaveTaylor.com. 
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Dr Hjki on the 
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Who needs arrow keys when you have a perfectly 


good home row? 


The first time | used vi was in a 
college programming course. It was 
the default editor on the computer 
lab’s UNIX systems we used to compile 
our assignments. | remember when 
our professor first introduced vi and 
explained that you used the hjkl keys 
to move your cursor around instead 
of the arrow keys. Before this point, 
| was a pico user (that dates me a bit 
now), and it seemed so backward to 
me that vi used hjkl instead. 

It wasn't until | became a heavy vim 
user that | began to appreciate the 
speed you gain from navigation keys 
appearing on home row. As a touch 
typist, | realized the arrow keys are 
in a no-man’s land outside the home 
row compared to hjkl, and even 
though vim supported arrow keys, | 
used hjkl instead. I’ve been pleased 
to discover a number of different 
programs that also support the same 
level of key bindings. 

I've written a few other columns in 
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Linux Journal through the years along 
those lines (all with Dr Hjkl in the 
title), and here, I've decided to revive 
Dr Hjkl for another round of time- 
saving command-line navigation tips 
that will help keep your hands on the 
home row and off those arrow keys. 
Most of my tips in this article 
are about reducing your reliance 
on the arrow keys and increasing 
your speed when on the command 
line. For many years, whenever | 
would find a mistake in a command 
| typed, | would do one of two 
things: use a combination of Home, 
End and the arrow keys (all way too 
far away from home row) to move 
the cursor back to the mistake so | 
could fix it, or sometimes | found it 
was faster to press Ctrl-C and type 
the whole command again. One day 
| observed another Linux user fly 
back and forth across words on the 
command line and realized there 
was a better way. 
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On the command line, you can replicate 
the behavior of dw with Alt-d. 


Moving Between Words 

The first simple speed improvement 
is the use of Alt-b and Alt-f to move 
backward or forward one word on 
the command line. This behaves 
somewhat like the b and w keys tn 
vi to skip between words instead 

of one letter at a time. Alt-b acts 
like just like b in vim. Press Alt-b, 
and the cursor will move back one 
word and sit at the first letter of 
the previous word. Alt-f is slightly 
different; the cursor moves forward 
until it ends up at the space between 
words instead of at the beginning 
of the following word. So given the 
following command: 


ls -l /var/log 


If my cursor were at the end of the 
line and | pressed Alt-b, it now would 
be over the | in log. If | pressed it 
again, it would move to the v in var. 
If my cursor were at the beginning of 
the line and | pressed Alt-f, it would 
end up on the space between Is and 
-|. This annoys me enough that often 
Ill find myself going forward an extra 
word and then pressing Alt-b so the 
cursor is where | want it. Even though 


it’s more keystrokes than the right- 
arrow key, it keeps my hands on the 
home row. Alternatively (as you'll see 
later), | simply could press Ctrl-f to 
move forward an extra letter instead. 


Delete Words 

The bulk of the time that | use Alt-b 
and Alt-f on the command line is to 
correct a typo earlier in the line. Now, 
you certainly could move the cursor 
over to the right position and then use 
Delete or Backspace to erase the error, 
but for minor mistakes, I’ve found it’s 
much faster to delete the whole word 
and retype it. In vim, | would type cw 
to change the word under my cursor, 
or a Slightly slower approach is to type 
dw to delete the word and then enter 
insert mode to make my changes. On 
the command line, you can replicate 
the behavior of dw with Alt-d. The 
Alt-d key will remove the word under 
the cursor completely so you can 
retype it. So, taking the same example 
from above: 


ls -L /var/log 


If my cursor were at the end of the 
line and | realized | wanted to change 
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-1 to -1tr, | would press Alt-b three 
times to move it over the | in -I, then 

| would press Alt-d to delete the I, and 
finally type Itr. 


Replace Home and End 

It turns out the arrow keys aren't 
the only ones on the hit list. Home 
and End, although useful, also are 
out in that no-man’s land away from 
the home row. In vi, you would just 
use “ or $ to go to the beginning 
or end of the line. On the command 
line, you can replace Home and End 
with Ctrl-a and Ctrl-e, respectively. 
If you use screen or tmux with 
screen key bindings, you know that 
Ctrl-a already is called for, so you'll 
need to press Ctrl-a a to send that 
Ctrl-a through to the command line. 
Ctrl-a can be particularly useful 
when you realize you need to pipe 
some initial command through 
something you've already typed, 
and Ctrl-e is useful to move back 

to the end of the line afterward to 
finish your command after editing it 
somewhere in the middle. 


A Few Final Shortcuts 

Although the above shortcuts are 
enough to get started, before | 
finish, | want to highlight a few 
extra shortcuts that are less useful 
but worth knowing all the same. 
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First, although Alt-b and Alt-f move 
backward and forward a word, 
respectively, their counterparts Ctrl-b 
and Ctrl-f will move backward and 
forward a single letter. Somewhat 
less useful, but still interesting, is 
the fact that you can use Alt-u to 
uppercase the full word under the 
cursor, Alt-| to lowercase the word, 
and Alt-c to capitalize the first letter 
in the word. 

With all of these tips, | recommend 
posting a reminder to yourself 
somewhere on your computer. It may 
take a few weeks to ingrain a new 
habit like this into your command-line 
use, but once you get used to it, you 
won't go back. I’ve found that these 
shortcuts also apply in command-line 
clients like Irssi, so if | notice | have 
a typo in something I’m about to say 
in IRC, | can just press Alt-b until it’s 
under the cursor, and press Alt-d to 
delete it, and then correct the error 
and press Enter. 


Kyle Rankin is a Sr. Systems Administrator in the San Francisco 
Bay Area and the author of a number of books, including The 
Official Ubuntu Server Book, Knoppix Hacks and Ubuntu Hacks. 
He is currently the president of the North Bay Linux Users’ Group. 
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LINUX JOURNAL 
Android 


Google Play | z= 
HOW-TOs 


—— => 
— 


D-LINE TRICKS AND TIPS 
S FOR HARD DRIVE CACHING 
TO MANAGE YOUR CONFIGS 


THE CLOUD ON THE FOR YOUR DATA 
COMMAND LINE | ANALYSIS TASKS 


www.linuxjournal.com/android 


For more information about advertising opportunities within Linux Journal iPhone, iPad and 
Android apps, contact John Grogan at +1-713-344-1956 x2 or ads@linuxjournal.com. 


COLUMNS 


THE OPEN-SOURCE CLASSROOM 


PHP for 


SHAWN POWERS 


Non-Developers 


Development doesn’t have to be scary. With PHP, it’s like shell 


scripting for the Web! 


After years of making it clear that 
I'm not a developer in just about 
every article I’ve written here at 
Linux Journal, | do have a confession 
to make. | can write the “Hello 
World” equivalent in almost every 
programming language out there. In 
assembly, it might have been “1+1", 
but my lack of advanced skills should 
be evident. The thing is, I’ve always 
wanted to learn how to program, but 
| hate the process so much | never get 
past “Hello World”. 

Then | met PHP. 

| know PHP is no longer cool. | 
know that compared to Python it’s 
extremely limited. But | also know 
that with PHP, | actually was able 
to create useful programs from the 
beginning. | suspect that’s why | 
love Bash scripting so much. With 
Bash, | always start with a problem 
to solve and use scripting to solve 
it. | never “learned” to write Bash 
scripts, | just did it. My goal in this 
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article is to throw you right into 
writing useful PHP code. If you 
really want to make “Hello World” 
appear in a browser window, by all 
means do so. But I’m not going to 
teach you how! 


Preliminaries 

Server: One great thing about PHP Is 
that just about every Web server has 
it installed and ready to go. If you get 
advanced and want to start making 
system calls to the underlying Linux 
OS, you might have to tweak php.ini 
a bit, but getting a PHP platform is 
usually as simple as installing a Web 
server with a LAMP stack. 

One thing that makes programming 
easier for me is to make sure my user 
account has write access to the place 
I'm writing code. My process usually 
involves making a small change and 
clicking refresh on the browser to 
see if it worked. If you have to sudo 
cp localfile serverfile every 
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time you make a change, it will be 
no fun. Worry about proper file 
permissions when you release your 
code to the Internet, but not while 
you're developing. 

The only other server tweak | 
recommend is adding a .htaccess 
that turns on error reporting. | don’t 
always have errors display on the 
page, but if you get the dreaded 
“ohp blank page”, it’s nice to turn 
on error reporting quickly so you get 
a nice message telling you where you 
forgot a semicolon. | usually create a 
file called “err” and quickly rename 
it to “.htaccess” when | want to see 
errors displayed. You probably will 
have to modify your Apache server, 
telling it to “AllowOverride” for the 
folder you're using, but it’s worth 
the effort. Here’s what my .htaccess 
file looks like: 


php _ flag display_errors on 
php_value error_reporting 2039 
Editor: PHP code is just text. 
You can use any text editor you 
like. | highly suggest using a text 
editor that does syntax highlighting 
though, because it makes it much 
easier to spot typos. | usually use 
vim when | do Bash scripting, but 
with PHP, | find myself scrolling 
more, so something like gedit 
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works better for me. If you really 
want to get fancy, programs like 
Sublime or SlickEdit are amazing, 
but really gedit is fine. Just make 
sure whatever editor you use has 
syntax highlighting, it’s awesome. 
(If you need to edit remote files, I'd 
check out using SSHFS to mount the 
remote folder and edit them as if 
they were local files. It works great 
in gedit.) 


The Goal 

For this first foray together into the 
world of programming, let’s create 
something useful, but still simple. 

| also want to start with something 
worth building on to. So let’s make 
a start page for your browser. 
Remember iGoogle? Well, you're 
going to start with something far 
more simple, but because you're 
making it yourself, you can expand 
later. (| find coding to be a perfect 
way to spend nights of insomnia, 
just saying.) 


How PHP Works 

It took me a little while to understand 
this concept, so I’m going to explain 
it quickly. PHP code can be added to 
standard HTML, or it can be strictly 
PHP code that creates HTML as 
output. These following two snippets 
of code do the same thing. 
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test.php: 


<htmL> 
<body> 
<hl>The current day is: <?php echo date("L"); ?>!</h1> 
</body> 


</html> 
test2.php: 


<?php 

echo "<html>"; 

echo "<body>"; 

echo "<hl>The current day is: " . date("1") 
echo "</body>"; 

echo "</html>"; 


?> 


Feel free to copy that into two 


«Snes 


separate PHP files and browse to the 
page. You should see something like 
Figure 1. The reason | spelled this 

out is because different people code 
PHP in different ways. Just remember 
that if it’s not inside a <?php ?> 
container, it is treated like plain-old 
HTML. Anything inside those <?php ?> 
containers are executed, and the 
output is sent to the browser window. 
Often, PHP code won't have any 
output, and so nothing Is displayed 
on the screen. But, if you want to 

use PHP, it must be inside those tags, 
namely: <?php PHP STUFF HERE ?>. 


Let’s Make Something! 
| created a simple landing page in PHP. 
(Figure 2 shows its output.) You can 


wi " _) https://kermit.brainofs! x 1_\ 


€ > © # &4 https://kermit.brainofshawn.com/test.php sy 


The current day is:Friday! 


Figure 1. It’s not “Hello World”, but I'll admit, it’s dangerously close. 
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w J |‘) Landing Page x _}\ 


€ > © #@ §@ https://kermit.brainofshawn.com/index.php 


Shawn's Very Simple Page 
Are You Looking for My Blog? 
Google is: UP 


Linux Journal is: UP 
Blarxnot is: DOWN 


Current Temp: 32.4F 
Conditions: Snow 
Last Updated on October 31, 10:50 AM EDT 


Server Uptime: 11:06:02 up 4 days, 16:09, 1 user, load average: 0.03, 0.19, 0.24 


Figure 2. This is the portal. Your family probably will be less silly looking! 


download it at http://snar.co/ljphp. 
It’s also shown in Listing 1. Unzip 
the file, and put it in your Web 
server so you can edit it and make 
it work for you. 

Notice the first line has <?php in 
it—that means it starts with a section 
of PHP code rather than HTML. The 
first thing you do is load a weather 
API into a PHP array. You'll need to 
register on Wunderground to get your 
own API key (they’re free), and then 
modify the URL to fit your location. 
Basically, it’s a two-step process: you 
load the JSON string into a variable 


called $json and then use the 
json_decode function to break that 
apart into an array. Check out the 
Working with Arrays sidebar for some 
tips on looking at the array itself so 
you can see what it contains. 

After that little bit of variable 
work, the PHP section closes with 
a ?> online 8. From that point on, 
it’s mostly HTML coding that should 
look fairly clear. Basically, | created a 
simple table. In the first cell, there is a 
picture of my family (you can add your 
own fam.jpg to the same folder where 
the php file lives), and then | open 
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another section of PHP code. Here | 
print some of the information from 
the Weather API. You can figure most 
of it out, but of particular note are 
the periods in the echo statements. If 
you want to print more than one thing 


Listing 1. Example Landing Page 


<?php 


// This is a comment. The next lines fetch weather info 
// and then turn it into a PHP array (You'll need your 


// own API key!) 


$json=file_get_contents("http://api.wunderground.com/ 
=» api/YOUR_API_GOES_HERE/conditions/pws:1/q/49749.json") ; 
$weather = json_decode($json, TRUE); 


?> 


<htmL> 

<head><title>Landing Page</title></head> 

<body> 

<table style="text-align: left; width: 100%;" border="0" 


cellpadding="2" cellspacing="2"> 


<tr 
<td> 
<img style="width: 250px;" alt="The Fam!" 
=src="fam.jpg"><br> 
<?php 
echo "Current Temp: " . 
=» $weather['current_observation']['temp_f'] 
=. "F<br>"; 
echo "Conditions: " . 
»$weather ['current_observation'] ['weather'] 
ee <b fo: 
echo "<small>"_. $weather['current_observation' ] 
['observation_time'] . "</small><br>"; 
?> 
</td> 


<td style="vertical-align: top;"> 
Shawn's Very Simple Page<br> 
<big><strong><a href="http://www.brainofshawn.com">Are You 
Looking for My Blog?</a></strong></big> 


<br><br> 
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on the screen, put a dot in between 

them outside the quotation marks. 
After some more HTML code, there 

is a section that checks Web servers 

to see if they're up. It’s important to 

know that “is_up” is not a built-in PHP 


<?php 
echo "Google is: "; 
is_up("www. google.com") ; 
echort<brar 
echo "Linux Journal is: "; 
is_up("www. Linuxjournal.com") ; 
echo "<br>"; 
echo! “Billarxnot 1si0 "3; 
is_up("wwww.blarxn@t.com") ; 
?> 
</td> 
Ssificles 
Stra 
<td colspan="2"> 
<?php echo "<br><center>Server Uptime: " . 
w»shell_exec("/usr/bin/uptime") . "</center>"; ?> 
</td> 
</ith 
</table> 
</body> 


</html> 


<?php 
function is_up($host, $port=80,$timeout=1) 
{ 
$fsock = fsockopen($host, $port, $errno, $errstr, $timeout) ; 


if ( ! $fsock ) 


i: 
echo "DOWN"; 
y 
else 
{ 
echo) “URS: 
} 
} 
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function, rather it’s something | wrote to port 80 on the specified address. | 


to make the code cleaner. If you look made up blarxnOt.com so one would 

at the bottom of the file, you'll see fail. Hopefully no one buys blarxnOt.com 
where | defined the function, and you just to spite me! (Note: don’t try to 

can see what it does. The only thing visit it, with my luck, somebody bought 
it checks is whether it can connect it and made it porn!) 


Working with Arrays 


Arrays can be really confusing. In this article, | showed loading a JSON API 
feed into a PHP array, and then referenced a couple fields from inside that 
array. But how on earth do you know how to build those variable names like 
$weather['current_observation']['temp_f']? Thankfully, there’s a 
great tool for displaying arrays on the screen. Here’s a snippet of code that 
takes a copy of the JSON code from this article’s example and displays the 
entire array so you can see the names of the array indexes. You should be 
able to see how | created that variable name above: 


array_view.php 

<?php 

hjson = Tile eet ocontentsa( http: 7/siar:<o/j)somapi ”). 
$weather = json_decode($json, TRUE) ; 

Cehlow <pie | 

print_r($weather) ; 

eche: <7 pres %, 

2> 


When you load this page, it should display the entire array in an easy-to-read 
format in your browser. The <pre> tags are important; otherwise, it just 
jumbles the output all into a single line. Whenever I’m trying to figure out 
the contents of an array, | make a quick PHP file like this so | can look at it. 
Hopefully, you’ll be able to find the variable indexes, and it will make sense. 
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The last section of the PHP 
document does a really cool PHP trick 
and executes a local shell command, 
dumping the output to the browser 
screen. So the results of the uptime 
command are printed at the bottom 
of the landing page. If you have a 
Windows server, it probably will just 
error out, but I’m assuming we're all 
using Linux here. 


To Infinity and Beyond! 

This first simple PHP page is just 

that, very simple. | touched on a few 
advanced subjects though, and | hope 
you explore more from here. Arrays are 
really cool and make working with APIs 
from Web sites a breeze. If you liked 


this little taste of PHP, | recommend 
you look into the following: 


m IF/THEN/ELSE conditionals. 
m@ For loops. 
m@ While loops. 


mM Reading and writing files on 
the system. 


M GET and POST variables. 
M Functions. 


@ Including other PHP files. 
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But, | urge you—don't just look them 
up and memorize how they work. 
Come up with a problem and then solve 
it! Everything I’ve learned in PHP started 
with a Google search like, “How do | 
display large numbers with commas in 
PHP”, or “How do | round numbers in 
PHP”, or even “How do | multithread 
queries in PHP for parallel processing?” 
(That last one is by far the most 
complex thing I've done so far!) 

PHP coding is incredibly fun. | can’t 
believe I’m saying that, but it’s true. 

If you love Bash and can’t imagine 
living without it, | suspect you'll love 
PHP, because it’s a lot like Bash, but 

a Web browser gets to be the input/ 
output mechanism! If you'd like me to 
do more project-based learning with 
programming languages, please let me 
know. I'd love a reason to come up with 
fun projects, but it only makes sense if 
everyone wants to play along! m 


Shawn Powers is the Associate Editor for Linux Journal. 

He’s also the Gadget Guy for LinuxJournal.com, and he has an 

interesting collection of vintage Garfield coffee mugs. Don’t let 
his silly hairdo fool you, he’s a pretty ordinary guy and can be 
reached via e-mail at shawn @linuxjournal.com. Or, swing by 

the #linuxjournal IRC channel on Freenode.net. 
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http://www.linuxjournal.com/contact 
or to ljeditor@linuxjournal.com. 
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Opengear’s CM7100 
Console Server a5. \Eia 


Enterprises need solutions that 
help them leverage their existing equipment and tools securely and efficiently, asserts 
Opengear, provider of critical infrastructure management solutions. This should occur, 


Opengear adds, without myriad logins and security procedures when accessing multiple 
devices. This philosophy underpins Opengear’s new CM7100 Console Server, a 
state-of-the-art appliance that offers dramatically simplified console management, 
high reliability and strong security for maximizing the uptime of enterprise networks. 
The CM7100 is a 16-48 port serial console server that enables network administrators 
to manage sprawling and complex infrastructure of switches, routers, PDUs, firewalls, 
servers, UPSes and other critical data-center equipment from a wide array of vendors 
securely and efficiently. Other key product features include enterprise-grade security 
with FIPS 140-2 certified SSL, SSH and VPN; dual LAN ports for main and secondary 
networks; and audit/trail logging to 4GB local storage or a remote log server. 
http://opengear.com 


The Icinga Project’s 
Icinga Exchange 


; | C | a GA The new Icinga Exchange is a central 


repository for plugins, files, programs and 
add-ons that extend Icinga and compatible projects like Nagios, Shinken or Naemon. 
The repository allows users to search, store and rate Icinga-compatible extensions easily 
and connect with the people behind them. The project's Solr-based search engine and 
navigation tags ensure that searches are quick and easy. Users can choose from manual 
upload or an automated GitHub sync, the latter “taking the fuss out of maintaining 
a second project site”, notes the Icinga Project. Currently more than 500 projects are 
available on Icinga Exchange, many of which migrated to the new repository with the 
previously established Monitoring Exchange repository. The Icinga Project also emphasizes 
its openness to plugins and add-ons that are compatible with related monitoring tools. 
http://exchange.icinga.org 
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Untangle NG Firewall 


untangle” 
a ~s The network software and appliance specialist, 
Untangle, Inc., recently announced a faster, 
more agile version 11 of its Untangle NG Firewall 


software. Untangle claims that its NG Firewall 


product brings a combination of enterprise-grade 
capabilities and consumer-oriented simplicity 

to the management of every aspect of network 
control. Most notably, version 11 of the solution 
adds performance gains to the Virus Blocker to address the ever-present and growing 
threats of malware and to the Spam Blocker to keep unwanted e-mail at bay. In addition, 
besides an updated kernel, Untangle further added new technologies from the company’s 
IC Control product, improving both HTTPS processing and Captive Portal. 
http://untangle.com 


SSH Communications’ 
Secure Shell 
HealthCheck 


Since news of the Shellshock Bash vulnerability 
broke, revelations about the impact of the 
bug have grown, including reports of lost 


or stolen Secure Shell (SSH) keys being used to access sensitive information covertly. In 
reaction to Shellshock, SSH Communications Security announced the release of Secure 
Shell HealthCheck, a solution for discovering major risk and compliance violations related 
to all aspects of SSH in data-center environments. SSH HealthCheck helps to reduce the 
risk of failed audits and cyber-security breaches from hackers or malicious insiders. SSH 
Communications Security, whose chief innovation officer is SSH inventor Tatu Ylénen, 
recommends properly scanning and managing SSH keys, including comparing and auditing 
them against approved keys. The company claims that only its tools can achieve this. 
http://www.ssh.com 
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iTrinegy’s NE-ONE 


we 
—m 
The NE-ONE solution was developed by a | rT 


iTrinegy to confront the demands that 

come from users’ accessing applications across myriad devices and mixed networks. 
NE-ONE enables businesses to understand, predict and manage the performance of 
applications across today’s diverse networks, keeping the performance of networks 
and applications at their best. iTrinegy says that with NE-ONE, it has eliminated the 
complexity of dealing with the ecosystem of public, private, cloud, mobile and virtual 
networks. NE-ONE also offers a modular design, so customers use just the solutions 
they need, when they need them. NE-ONE comes in two variants: Edge Is the 
ready-to-go hardware-based solution, and Flex is the agile virtual appliance-based 
solution that can be deployed quickly wherever it’s needed on to a network. 
http:/Awww.itrinegy.com 


John Baichtal’s Robot Builder (Que) 


house Que says that author John Baichtal’s new book 
Building Rot Robot Builder: The Beginner’s Guide to Building Robots 
ies will help readers learn the craft of robot building from 

the ground up in an easy, fun and hands-on way. As the 
subtitle implies, absolutely no experience is needed. 
Baichtal has been a veteran author in the DIY [insert 

geek toy] space for many years and has helped many an 
intrigued-by-robot geek get started with robotics. Baichtal and Que have brought 
together a wealth of practical robotics know-how into “one incredibly easy tutorial”. 
Hundreds of full-color photos guide readers through every step and skill and get them 
building the first working robot (of 30 total) in the very first chapter. Throughout 
the book, skill building grows to expert level, and readers will find themselves 
powering motors, configuring sensors, constructing a chassis and even programming 
low-cost Arduino microcontrollers. 

http://www.informit.com 


BUILDER The topic of DIY robots is so us, fellow Linuxers. Publishing 
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Rockstor, Inc.’s 
RockStor NAS 


E i as , In classic Linux style, the new Rockstor 
= | cme = 11 LT a - Network Attached Storage solution from 
: His the team at Rockstor, Inc., is free, open- 
ET 


source and versatile. Supporting all popular 
file-sharing protocols, including NFS, 
Samba/CIFS and SFTP, Rockstor is available 
as a complete Linux distribution in ISO file format or a USB image and can be installed 
on bare metal or as a virtual machine. Rockstor’s underlying Linux distro is CentOS and 
the supported filesystem is BTRFS. A pluggable Smart Probe mechanism and a growing 
list of smart probes provide detailed on-demand information about the various aspects 
of storage infrastructure. Rockstor supports advanced features for businesses of all 

sizes ranging from small to large enterprises—for example, snapshots, fast cloning, thin 
provisioning, dynamic volume management and replication over WAN. The solution 
comes with a clean, user-friendly Web UI to manage storage operations conveniently. 
http://www.rockstor.com 


Eltechs ExaGear Desktop 


Eltechs hopes to lure ARM-based mini-PC users to try its ExaGear 
Desktop, which the company says can run virtual Intel x86 apps 


4.5 times faster than competitor QEMU. Eltechs ExaGear Desktop FLITEC H S 
is a virtual machine that implements a virtual x86 Linux container 

on ARM-based mini PCs, enabling the direct and simultaneous running of both 

x86 Linux and native applications. In addition, MS Windows applications can be 

run via the Wine emulator. The current version does not support applications that 
require kernel modules nor does it support 3-D hardware. 

http://eltechs.com 


Please send information about releases of Linux-related products to newproducts@linuxjournal.com or 


New Products c/o Linux Journal, PO Box 980985, Houston, TX 77098. Submissions are edited for length and content. 
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READERS’ 
CHOICE 
AWARDS 2014 


We added a couple great new categories this year, 
so be sure to read on to see the results! 


SHAWN POWERS 


~ Readers’ 
~ Choice 
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JOURNAL. 


t's time for another Readers’ Choice issue of Linux Journal! The format last year 
was well received, so we've followed suit making your voices heard loud again. 
| couldn't help but add some commentary in a few places, but for the most 
part, we just reported results. Please enjoy this year’s Readers’ Choice Awards! 
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BEST LINUX DISTRIBUTION 


 @ 
Although this year the Debian/Ubuntu-based distros took Oo 
the lion’s share of the votes, the “Best Linux Distribution” 
category is a bit like “Best Kind of Pizza”—even the bottom Pod 
of the list is still pizza. It’s hard to go wrong with Linux, and . 


the wide variety of votes only proves how many different 
choices exist in our wonderful Open Source world. 


16.5% Ubuntu 


16.4% Debian 2.5% Xubuntu A% Tails 

11% ~— Linux Mint 2.3% Other 3% Android-x86 
8.5% Arch Linux 1.6% Red Hat Enterprise Linux .3% Bodhi Linux 
8.3% Fedora 1.4% NixOS 3% Chakra 

6% CentOS 1.3% elementary OS 3% Kali Linux 
5.3% openSUSE 1.2% Lubuntu 3% PCLinuxOS 
4.1% Kubuntu 1%  CrunchBang 3% SolydK 
2.9% Gentoo 7% Mageia .1% Mandriva 
2.7% Slackware 4% LXLE .1% Oracle Linux 


BEST MOBILE LINUX OS 


Android is such a dominant force in the mobile world, we 


decided to allow Android variants to be counted separately. 
So although the underlying system on some of these are 
indeed Android, it seems far more informative this way. 


37.1% Stock Android 


27.6% Sailfish OS 3% Ubuntu Phone 8% Replicant 

20.2% CyanogenMod 1.5% Amazon Fire OS 8% Tizen 

3% Other 1.4% Ubuntu for Android 

BEST LINUX SMARTPHONE MANUFACTURER PSAMSUNGd 
29% Samsung 

26.7% Jolla 5.3% LG 1% GeeksPhone 

16.5% Nexus 3.7% Sony .6% Amazon 

7.1% Other* 1.8% Nokia 


‘ ‘ . *Under “Other”, Motorola got many 
7% HTC 1.4% Huawei write-ins, followed by OnePlus. 
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BEST LINUX 
TABLET 


35.3% Google Nexus 7 

14.8% Google Nexus 10 

14% Samsung Galaxy Tab 

9.8% Samsung Galaxy Note 

8.4% ASUS Transformer Pad 

6.4% Other 

4.7% Kindle Fire HD 

2% ASUS MeMO Pad 

1.6% Dell Venue 

1.4% Acer Iconia One 

9% Samsung Galaxy 
Note Edge 

7% Ekoore Python $3 


BEST OTHER LINUX-BASED GADGET (NOT 
INCLUDING SMARTPHONES OR TABLETS) 
We are a Raspberry Pi-loving bunch, that’s for sure! 

But really, who can blame us? With the new B+ model, 
the already awesome RPi is getting sleeker and more 
useful. I’m no fortune teller, but | suspect | know next 
year’s winner already. 


71.4% Raspberry Pi 


8.1% BeagleBone Black 1.1% Yamaha Motif XF8 4% LG G Watch 

4.3% Other* 8% Nvidia Jetson-K1 4% RaZberry 

3.7% Lego Mindstorms Ev3 Development System 4% VolksPC 

3.4% Moto 360 5%  Cloudsto EVO Ubuntu .2% 1FC6410 Pico-ITX Board 
1.7% Cubieboard Linux Mini PC 1% JetBox 5300 

1.7% Parrot A.R Drone 5% VoCore Open ‘iinder *6iher® the most papular 
1.4% Samsung Gear S Hardware Computer Write-ins were Odroid and CuBox. 
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BEST LAPTOP VENDOR 
This category used to be a rating of which vendors worked the best with 
Linux, but thankfully, now most laptops work fairly well. So, we truly get 
to see the cream rise to the top and focus on things other than “it works 


with Linux”. It’s awesome living in the future. 


32% Lenovo 


19.3% 
18.5% 
10.6% 
7.9% 
4.5% 


ASUS 1.9% 
Dell 1.8% 
System76 1.6% 
Other* 1.5% 
Acer 3% 


ThinkPenguin 
LinuxCertified 
ZaReason 
EmperorLinux 
CyberPower 


.1% Eurocom 


*Under “Other”, the most popular 
write-ins were (in this order) 
Apple running Linux, HP, Toshiba 
and Samsung. 


BEST LINUX DESKTOP WORKSTATION VENDOR 
36.8% Dell 


19.6% 
17.5% 
10.3% 


System76 9.4% 
Hewlett-Packard 2.7% 
Other* 2.3% 


Penguin Computing 


ZaReason 
Microway 


BEST LINUX SERVER VENDOR 
31.4% Dell 


21.2% 
19% 
9.5% 
3.9% 


IBM 4.7% 
Hewlett-Packard 3% 

Supermicro 2.8% 
Penguin Computing 1.9% 


BEST ANDROID APP 
26.7% JuiceSSH 


24% 
16.3% 
14% 
7.9% 
7% 


Other* 6.7% 
Waze 1.7% 
feedly 1.3% 
Google Goggles 6% 
Ayat 


Other* 

ZaReason 
iXsystems 
Microway 


Navfree 
Memrise 
QuizUp 
FreedomPop 
Messaging 


1.4% CyberPower 


*Under “Other”, most of the 
write-ins were “Build your own”. 


7% Servers Direct 


*Under “Other”, most of the write-ins 
again were “Build your own”. 


*Under “Other”, the most popular 
votes were (in this order) OsmAnd, 
F-Droid, ConnectBot, K-9 Mail, 
Google Maps, Google Now, 

Tasker, Wifi Analyzer, AirDroid, 
KeePassDroid and Titanium Backup. 
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BEST CONTENT MANAGEMENT SYSTEM 
34.7% WordPress 


25.3% Drupal 1.1% _ ikiwiki 

11.1% Joomla! 7% eZ publish 

10.5% MediaWiki 4% Wolf CMS 

10% Other* 3% Elgg *Under “Other”, the most popular 
4.3% Alfresco .2% Blosxom write-ins were (in this order) 

1.3% WebGUI DokuWiki, Plone, Django and Typo3. 


BEST LINUX-FRIENDLY WEB HOSTING COMPANY 

When it comes to Web hosting, it’s hard to find a company that isn’t 
Linux-friendly these days. In fact, finding a hosting provider running Windows 
is more of a challenge. As is obvious by our winner (“Other”), the options are 
amazing. Perhaps a “Worst Web Hosting” category would be more useful! 


22.8% Other* 


22.5% Amazon 2.9% LAMP Host 4% Netfirms 

13.1% Rackspace 2.6% Hurricane Electric 4% Prgmr 

10.4% Linode .6% Liquid Web 

6.5% GoDaddy.com .6% RimuHosting 

5.6% OVH 5% Host Media *Under “Other”, the most write-ins 


‘ went to (in this order) Digital Ocean 
5.4% DreamHost 5% Savvis ; ; (by a landslide), followed by Hetzner, 
48% 1&1 4%  Blacknight Solutions BlueHost and WebFaction. 


BEST WEB BROWSER 


Firefox takes the gold this year by a significant margin. Even 
if you combine Chrome and Chromium, Firefox still takes the 
top spot. There was a time when we worried that the faithful 
Firefox would fade away, but thankfully, it’s remained strong 
and continues to be a fast, viable, compatible browser. 


53.8% Firefox 


26.9% Chrome 2% Other 4% QupZill 
8.1% Chromium .8% SeaMonkey 2% Dillo 
4% Iceweasel 5% rekong 

3% Opera 4% dwb 
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BEST E-MAIL CLIENT 


If | didn’t know firsthand how many hard-core geeks live among 
us, | might accuse Kyle Rankin of voting fraud. His beloved Mutt 


e-mail client doesn’t take top spot, but for a program without 
any graphical interface, third place is impressive! 


44.4% Mozilla Thunderbird 


24.7% Gmail 3.2% Other 1.7% 
6.8% Mutt 2.2% Claws Mail 1% 
5.5% Evolution 2% Zimbra 9% 
5.3%  KMail 1.8% Alpine A% 


BEST AUDIO EDITING TOOL 
69.1% Audacity 


10.8% FFmpeg 1.3% Sox 

9.7% VLC 1.1% Mixxx 

4.9% Ardour 7%  LMMS 

1.9% Other 5% Format Junkie 


BEST AUDIO PLAYER 


We figured VLC would take top spot in the video player 
category (see below), but it was a bit of a surprise to 

see how many folks prefer it as an audio player as well. 
Perhaps it’s become the one-stop shop for media playback. 
Either way, we're thrilled to see VLC on the top. 


25.2% VLC 


15.3% Amarok 3.1% XBMC 4% 
10.4% Rhythmbox 3%  foobar2000 A% 
8.6% Clementine 2.4% Xmms A% 
6.1% MPlayer 1.2% DeaDBeeF 3% 
5.9%  Spotify 9% MOC 2% 
5.5% Audacious 8% — cmus 

4.6% Banshee .8% Ncmpcpp 


Audaci 


Geary 
SeaMonkey 
Opera Mail 
Sylpheed 


Mixxx 

MPC-HC 

Subsonic 
Nightingale 

Decibel Audio Player 


*Under “Other”, Quod Libet had 


4% Other* .6% Guayadeque the most write-ins. 
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BEST VIDEO PLAYER 
64.7% VLC 


14.5% MPlayer 1.9% Kaffeine .2% Daum Potplayer 
6.4% XBMC 1.6% mpv .1% Clementine 

2.7% Totem 1.6% MythTV 

2.7%  Other* 1.4% Amarok *Under “Other”, most write-ins 
2% Plex 3% Xmms were for SMPlayer. 


BEST VIDEO EDITOR 

This is another testament to the geek factor when it comes to our readers. 

We didn’t specify “non-linear editor”, so by a transcoding technicality, VLC 
eked out a win in the video editing category. Well played, VLC, well played. 


17.5%VLC 

16.4% Kdenlive 7.5% Cinelerra 1.4% LIVES 
15.1% Blender 4.9% _ PiTiVi 6%  Shotcut 
13.2% Avidemux 4.8% LightWorks 4%  Jahshaka 
13.2% OpenShot 4.7% Other 4%  Flowblade 


BEST CLOUD-BASED FILE STORAGE 


In a category that used to have few options, Dropbox 
still takes top spot, but the margin is closing. It’s hard 
to argue against Dropbox’s convenience and stability, 
but hosting your own data on ownCloud gives it quite a 
boost into the second-place spot. 


30.5% Dropbox 


23.6% ownCloud 4.4% SpiderOak ‘Under “Other”, the most write-in 
went to Younited and MEGA. Many 


Lt) j 0) 
16% Google Drive 1.8% Box also said things like “no cloud is 
8.3% — rsync 1% Copy the best choice/my files stay on my 
7.5% Other* 3%  AjaXplorer storage/local only”. 


6.6% Amazon $3 
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BEST LINUX GAME 


| rarely play games, so every year | look forward to this category to find 

the most popular options for those few times | do. I’m personally tickled 

to see NetHack so high on the list, especially considering the opposition. 
There's just something about wandering around random tunnels that appeals 
to the old-school DnD player in all of us. 


26.5% Civilization 5 


23.5% Other* 3.7% Scorched 3D 9% Ryzom 

8.7% Team Fortress 2 3.6% Destiny 

8.4% NetHack 1.9% Ultima IV — 

7.1% X-Plane 10 1.8% FreeCol Gece) oirer, ie est wile is 
9 Dot 14% Kpat were (in this order) Minecraft, 

6.1% Ota oo Se 0 A.D., Frozen Bubble, Battle for 

5.4% Bastion 1.1%  FreeOrion Wesnoth, Portal and Counter Strike. 


BEST BACKUP SOLUTION 
23.5% Other* 


18.9% Clonezilla 3.2% Back In Time “Under “Other", the most popular 
14.3% Dropbox 2.1% luckyBackup aa a 
11.7% Bacula 1.7% Tivoli Storage Manager _ Duplicity, Spider Oak, rsnapshot 
9% rdiff-backup .9% Symantec Backup Exec = and Deja Dup (in that order). 
8.5%  CrashPlan 5%  Areca-Backup 

5.6% Amanda 3%  Storix 


BEST VIRTUALIZATION SOLUTION 


| think the relationship with Vagrant has helped Oracle's VirtualBox significantly 
in popularity. Yes, Vagrant works with other virtualization platforms, but 

since it so seamlessly integrates with VirtualBox, | think it gets quite a boost. 
Virtualization is such an efficient and reliable way to implement systems, bare- 
metal solutions are almost a thing of the past! 


33.4% Oracle VM VirtualBox 


22.3% VMware 4.2% Other* “Under “Other”, the most 
write-ins went to Docker, 


21.1% KVM 1.7% OpenVZ ProxMox and LXC, in that order. 
5.7% XEN 1.3% Linux-VServer 

5.3% QEMU .1% Symantec Workspace 

4.9% OpenStack Virtualization 


WWW.LINUXJOURNAL.COM / DECEMBER 2014 / 65 


FEATURE Readers’ Choice Awards 2014 


BEST MONITORING APPLICATION 


27.1% Nagios 


20.7% 
12.3% 
10.5% 
8.6% 
6.2% 
3.4% 
2.8% 
1.9% 
1.2% 
1% 


Wireshark 
htop 
Zabbix 
Other* 
Zenoss 
Munin 

PC Monitor 
New Relic 
Opsview 
SaltStack 


7%  NTM (Network 
Traffic Monitor) 

7% xosview 

5% Manage Engine 

3% FlowViewer 

.2%  Circonus 

.2%  SysPeek 


*Under “Other”, most write-ins 
went to Icinga and OpenNMS. 


BEST DEVOPS CONFIGURATION MANAGEMENT TOOL 

It was interesting to see Git take top spot in this category, because although 
it certainly would work to use standard version control on configuration files, 
| always assumed it would be used alongside tools like Chef or Puppet. 

If nothing else, the DevOps movement has taught crusty old system 
administrators like myself to treat configuration files like code. Version 
control is incredible, and it seems as though most readers agree. 


39.4% Git 


17.2% 
8.9% 
8.8% 
7.6% 


Puppet 
Ansible 
cron jobs 
Subversion 


5% Chef *Under “Other”, most write-ins 


5.4% SaltStack Te 
4.6% Other* 
3% CFEngine 


BEST OPEN-SOURCE SECURITY TOOL 
21.9% Nmap 


18.4% 


15.6% 
13.9% 


Kali Linux (formerly 
BackTrack Linux) 


KeePass 
Tor 


6.5% pfSense 3.7% Other 
6% Tails 2.4% AIDE 
4.9% Netfilter 2.1% OSSEC 


4.8% Metasploit 
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BEST PROGRAMMING 


LANGUAGE 
30.2% Python 
17.8% C++ 
16.7% C 

7.1% Perl 

6.9% Java 
4.6%  Other* 
4.3% Ruby 
2.4% Go 

2.4% JavaScript 
2.2% QML 


1.4% Fortran 


1.4% Haskell 


1.2% Lisp 
6% Erlang 
.6% Rust 
4% OD 

1% Hack 


“Under “Other”, 

most write-ins went 
to Scala, PHP and 
Clojure (in that order). 


BEST SCRIPTING LANGUAGE 
Python is incredibly powerful, and it appears to be a favorite in both the 
scripting and programming categories. As someone who knows Bash and a 
little PHP, | think it’s clear what | need to focus on as | delve into the world 
of development. Meaningful whitespace, here | come! 


37.1% Python 


27% Bash/Shell scripts 


11.8% Perl 
8.4% PHP 
6.7% JavaScript 


BEST TEXT EDITOR 


45.6% vi/vim 
11.6% Emacs 


11% gedit 
9.5% Nano 
8.8% Kate 


4.9% Ruby 
2.1% Other 
2% Lua 


8.1% Other* 
4.1% Geany 
1.3% joe 


*Under “Other”, a large 
amount of write-ins went 
to Sublime. 
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BEST NEW LINUX/OPEN-SOURCE 
PRODUCT/PROJECT 


Docker Is clearly our winner here, and rightly 
so—what a game-changing technology. It’s 
nice to see Jolla/Sailfish get some love as well. 
We love Android, but having a choice is a vital 
part of who we are as Open Source advocates. 


28% Docker 


19% Jolla and Sailfish OS 4% Git 2% Zabbix 

7%  LibreOffice 3% Apache Cordova/ 2% CoreOS 

5% ownCloud OpenOffice/Spark/Tika 2% Firefox OS 

5% Steam 2% Ansible 1% KDE Connect 

5% Zenoss Control Center 2% Elementary OS 1% NixOS and NixOps 
4% Raspberry Pi 2% OpenStack 1% Open Media Vault 


COOLEST THING YOU'VE EVER DONE WITH LINUX 


This is my favorite new category for the Readers’ Choice Awards. 
Imagine attending a Linux conference and asking everyone the coolest 
thing they’ve done with Linux. That’s basically what happened here! 
We've listed a handful of our favorites, but for the entire list, check out 
our Web site: http://www.linuxjournal.com/rc2014/coolest. 

Note: the most common answers were “use it”; “rescue data/photos/ 
whatever off broken Windows machines”; “convert friends/family/businesses 
to Linux”; “learn”; “teach”; “get a job”; “home automation”; and “build 
a home media server”. The following list is of our favorite more-specific 
and unique answers, not the most common ones. 


HM Building my procmail pre-spam spam filter H A robot running Linux (for the 
back in the mid-late 1990s. Eurobot annual competition). 


M 450-node compute cluster. M Accidentally printing on the 


wrong continent. 
M@ 7.1 channel preamp with integrated 


mopidy music player. HM Adding an audio channel to a 
video while also syncing it. 
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Analyzed NASA satellite data with 
self-written code. 


Annoyed the cat remotely. 


Automated my entire lighting setup 
in my house to respond to voice and 
my mobile apps. 


Automatic window plant irrigation system. 


Bathroom radio. 
Brewing beer. 


Built an application that runs on the 
International Space Station. 


Built a system for real-time toll collection 
for a major toll highway system. 


Built our own smartphone. 


Built Web-based home alarm system 
on Raspberry Pi. 


Cluster of Raspberry Pis to crack 
encrypted office documents. 


Controlled my Parrot drone. 


Controlled the comms for 
186 Wind turbines. 


Controlling my Meade Telescope with 
Stellarium under Linux. 


Converted my old VHS family videos, using 
a laptop more than ten years old. 


Created a mesh network in the subarctic. 


Created an ocean environmental sensor 
buoy with radio data transmitter. 


Discovered new planets. 


Fixed a jabber server in Denver, USA, 
while in a hotel lobby in Amman, Jordan. 


Got Linus’ autograph on a Red Hat 5.0 CD. 


Hacked my coffee machine to send me a 
text message when the coffee is ready. 


Introduced my daughter to Lego 
Mindstorm EV3. 


Monitor the temp and humidity of my 
wine cellar and open the doors when 
too hot or humid. 


Replaced the controller in my hot tub 
with a Raspberry Pi. 


Scripted opening and closing of a 
co-worker’s CD tray every 15 seconds 
for four days. 


Used an LFS system to move ACH transfers 
for a national gas company. 


Flushed my toilet from another city. 
Remote chicken door. 


Web-based sprinkler controller for 16 
stations on a Raspberry PI (also control 
the pool and yard lights). 


Chaining SSH tunnels together to get from 
work to home via three hops due 
to restrictive network settings. 


Built a system that monitors a 
renewable energy installation with 
two fixed solar arrays, a two axis sun 
tracking solar array and a wind turbine. 
Production and weather data are 
displayed on a Web site in real time. 


Back in the days of modems, | had 

my computer call up my girlfriend 
every morning, so she would wake up 
and go to work. 


Used a Wii controller, through 
Bluetooth with my Linux computer 

as an Infrared Camera, to detect the 
movement of my daughter's Fisher 
Price Sit and Spin Pony, and to control 
a video game. 
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SINGLE-MOST IMPORTANT TOOL 
YOU USE AT WORK 

Note: this category was write-in only, 

and many people listed more than one 
tool. Many people also answered “my 
brain”, “my fingers”, “my computer” y 
or “Linux itself”, because we failed to , 
specify that it be a Linux tool. Thus, 

figuring out the percentages for this : 
category was nearly impossible. The list 

below gives the answers for the most-popular 
“Single-Most Important Linux-specific Tool 

You Use At Work”, in order. 


SSH 
Vi/Vim LibreOffice Bash Eclipse 
Git Emacs Terminal/Shell 


While this entire list is full of awesome and useful tools, my needs line 
up with the majority of readers. SSH and Vim are my bread and butter. 
Someday, those Emacs people will see the light. 


We’d like to make Readers’ Choice 
Awards even better next year. Please 
send ideas for new categories and 
any comments or feedback via 
http://www.linuxjournal.com/contact 
or to Ijeditor@linuxjournal.com. 


Shawn Powers is the Associate Editor for Linux Journal. He's 
also the Gadget Guy for LinuxJournal.com, and he has an 
interesting collection of vintage Garfield coffee mugs. Don't let 
his silly hairdo fool you, he’s a pretty ordinary guy and can be 
reached via e-mail at shawn@linuxjournal.com. Or, swing by 
the #linuxjournal IRC channel on Freenode.net. 
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harePoint is at t 


SharePoint in the cloud or on premises? Or both? Come to SPTechCon Austin 
2015 and learn about the differences between Office 365, cloud-hosted 
SharePoint, on-premises SharePoint, and hybrid solutions and build your 
company’s SharePoint Roadmap! 


For developers, the future means a new app model and new app paradigms. 
For IT pros and SharePoint admins, it’s trying to retain control over an installa- 
tion that’s now in the cloud. For information workers and their managers, it’s 
about learning how to work ‘social.’ But it’s not for everyone. 


Where do you need to be? 


The answer is simple: SPTechCon Austin. With a collection of the top 
SharePoint MVPs and expert speakers, more than 80 classes and tutorials 
to choose from and panels focused on the changes in SharePoint, 
SPTechCon will teach you how to master the present and plan for the future. 


Migrate to SharePoint 2013! Prepare for Office 365! 
Build Your Hybrid Model! 


A BZ Media Event 


Ts Y al Py | | ee = all on 
tne Crossroads — 


The SharePoint 
Technology Conference 


February 8-11, 2015 


Renaissance Austin Hotel 


80+ Classes 
0+ Microsoft Exper 
Get Your Texas-Sized 
Registration Discount— 


ReSISter NUW! 


www.sptechcon.com 


KNOWLEDGE HUB 


WEBCASTS 


====S= Learn the 9 Critical Success Factors to Accelerate 
====*=. IT Service Delivery in a Cloud-Enabled Data Center 


Today's organizations face an unparalleled rate of change. Cloud-enabled data centers are increasingly seen as a way to accelerate 
IT service delivery and increase utilization of resources while reducing operating expenses. Building a cloud starts with virtualizing 
your IT environment, but an end-to-end cloud orchestration solution is key to optimizing the cloud to drive real productivity gains. 


> http://Inxjr.nl/IBM5factors 


Modernizing SAP Environments with Minimum 
~  Risk—a Path to Big Data 


Sponsor: SAP | Topic: Big Data 


Is the data explosion in today’s world a liability or a competitive advantage for your business? Exploiting massive amounts 

of data to make sound business decisions is a business imperative for success and a high priority for many firms. With rapid 
advances in x86 processing power and storage, enterprise application and database workloads are increasingly being moved 
from UNIX to Linux as part of IT modernization efforts. Modernizing application environments has numerous TCO and RO! 
benefits but the transformation needs to be managed carefully and performed with minimal downtime. Join this webinar to 
hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the 
benefits of turning data into actionable insights with exciting x86 technology. 


> http://Inxjr.nl/modsap 


WHITE PAPERS 


DIT White Paper: JBoss Enterprise Application 
Platform for OpenShift Enterprise 


Sponsor: DLT Solutions 


Red Hat's® JBoss Enterprise Application Platform for OpenShift Enterprise offering provides IT organizations with a simple and 
straightforward way to deploy and manage Java applications. This optional OpenShift Enterprise component further extends 
the developer and manageability benefits inherent in JBoss Enterprise Application Platform for on-premise cloud environments. 


Unlike other multi-product offerings, this is not a bundling of two separate products. JBoss Enterprise Middleware has been 
hosted on the OpenShift public offering for more than 18 months. And many capabilities and features of JBoss Enterprise 
Application Platform 6 and JBoss Developer Studio 5 (which is also included in this offering) are based upon that experience. 


This real-world understanding of how application servers operate and function in cloud environments is now available in this 
single on-premise offering, JBoss Enterprise Application Platform for OpenShift Enterprise, for enterprises looking for cloud 
benefits within their own datacenters. 


> http://Inxjr.nl/jbossapp 
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WHITE PAPERS 


Linux Management with Red Hat Satellite: 
) redhat Measuring Business Impact and ROI 


Sponsor: Red Hat | Topic: Linux Management 


Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to de- 
ploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT 
organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility 
workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows 
in importance in terms of value to the business, managing Linux environments to high standards of service quality — 
availability, security, and performance — becomes an essential requirement for business success. 


> http://Inxjr.nl/RHS-ROI 


Standardized Operating Environments 
®D redhat. 71 Efficiency 


Sponsor: Red Hat 


The Red Hat® Standard Operating Environment SOE helps you define, deploy, and maintain Red Hat Enterprise Linux® 
and third-party applications as an SOE. The SOE is fully aligned with your requirements as an effective and managed 
process, and fully integrated with your IT environment and processes. 


Benefits of an SOE: 


SOE is a specification for a tested, standard selection of computer hardware, software, and their configuration for use 
on computers within an organization. The modular nature of the Red Hat SOE lets you select the most appropriate 
solutions to address your business’ IT needs. 


SOE leads to: 

e Dramatically reduced deployment time. 

e Software deployed and configured in a standardized manner. 

e Simplified maintenance due to standardization. 

e Increased stability and reduced support and management costs. 

e There are many benefits to having an SOE within larger environments, such as: 


e Less total cost of ownership (TCO) for the IT environment. 


More effective support. 
e Faster deployment times. 


e Standardization. 


Vv 


http://Inxjr.nl/RH-SOE 
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INDEPTH 


Real-Time 
Rogue Wireless 
Access Point 
Detection with 


the Raspberry Pi 


Build a Raspberry Pi-based Kismet sensor network to hunt 


rouge wireless access points. 
CHRIS JENKS 


Years ago, | worked for an 
automotive IT provider, and 
occasionally we went out to the plants 
to search for rogue Wireless Access 
Points (WAPs). A rogue WAP is one 
that the company hasn’t approved to 
be there. So if someone were to go 
and buy a wireless router, and plug 
it in to the network, that would be a 
rogue WAP. A rogue WAP also could 
be someone using a cell phone or MiFi 
as a Wi-Fi hotspot. 

The tools we used were laptops 
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with Fluke Networks’ AirMagnet, at 
the time a proprietary external Wi-Fi 
card and the software dashboard. The 
equipment required us to walk around 
the plants—and that is never safe 

due to the product lines, autonomous 
robots, parts trucks, HiLos, noise, roof 
access and so on. Also when IT people 
are walking around with laptops, 
employees on site will take notice. We 
became known, and the people with 
the rogue WAPs would turn them off 
before we could find the devices. 


The payment card industry, with its 
data security standard (PCI-DSS), is 
the only one | could find that requires 
companies to do quarterly scans 
for rogue WAPs. Personally, | have 
three big problems with occasional 
scanning. One, as | said before, rogue 
WAPs get turned off during scans 
and turned back on after. Two, the 
scans are just snapshots in time. A 
snapshot doesn’t show what the 
day-to-day environment looks like, and 
potential problems are missed. Third, 
| think there is more value for every 
company to do the scans, regardless 
of whether they're required. 

Later, when | was a network 
engineer at a publishing company, 
| found it was good to know what 
was on my employer's network. 

The company wanted to know if 
employees followed policy. The 
company also was worried about 
data loss, especially around a couple 
projects. Other companies near 

us had set up their own wireless 
networks that caused interference 
with the ones we ran. Finally, | had 
to worry about penetration testers 
using tools like the WiFi Pineapple 
and the Pwn Plug. These allow 
network access over Wi-Fi beyond 
the company’s physical perimeter. 

One thing | always wanted was 
a passive real-time wireless sensor 


network to watch for changes in 
Wi-Fi. A passive system, like Kismet 
and Airodump-NG, collects all the 
packets in the radio frequency (RF) 
that the card can detect and displays 
them. This finds hidden WAPs too, by 
looking at the clients talking to them. 
In contrast, active systems, like the 
old Netsumbler, try to connect WAPs 
by broadcasting null SSID probes and 
displaying the WAPs that reply back. 
This misses hidden networks. 

A couple years ago, | decided to 
go back to school to get a Bachelor's 
degree. | needed to find a single 
credit hour to fill for graduation. 
That one credit hour became an 
independent study on using the 
Raspberry Pi (RPi) to create a passive 
real-time wireless sensor network. 

About the same time | left the 
automotive job, Larry Pesce of the 
SANS Institute wrote “Discovering 
Rogue Wireless Access Points Using 
Kismet and Disposable Hardware” 
(http://www.giac.org/paper/ 
gawn/7/discovering-rogue-wireless- 
access-points-kismet-disposable- 
hardware/107273). This was a paper 
about real-time wireless sensors using 
the Linksys WRT54GL router and 
OpenWRT. But, | didn’t find out about 
that until | had already re-invented 
the wheel with the RPi. 

Today lots of wireless intrusion 
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Hardware 


Below is the hardware per sensor—your prices may vary depending on where you buy 


and what’s on sale. 


Cost of parts: $69.95 per sensor; | used six Raspberry Pis in the project. 


Raspberry Pi Wireless Sensor Drone: 


5v lamp power supply: $9.99. 
Plastic Raspberry Pi case: $8.99. 
TP-Link TL-WN722N: $14.99. 


Network: 


Class 10 SDHC 8-gigabit Flash card: $5.99. 


Raspberry Pi Model B: $35.00 (found on sale for $29.99). 


M Cat 5e cable between 25-50’ long: already had. 


M Linksys WRT54GL: already had. 


® Linksys 16-port workgroup switch: already had. 


Monitor and Kismet Sever: 


® Laptop running Xubuntu Linux VM: already had. 


detection systems exist on the market, 
but as listed in the Hardware sidebar, 
mine cost me little more than $400.00 
USD to make. Based on numbers | 
could get, via Google Shopping, using 
Cisco Network’s Wireless IDS data 
sheet from 2014, a similar set up 
would have cost about $11,500 USD. 
I've been told by a wireless engineer 
| know that he was quoted about 
twice that for just one piece of 
hardware from the Cisco design. 
When | started looking into using 
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the RPi for this, | kept coming across 
people using the RPi and Kismet for 
war driving, war walking and war 
biking. David Bryan of Trustwave’s 
Spider Labs did a blog post in 2012 
called “Wardrive, Raspberry Pi Style!” 
(http://blog.spiderlabs.com/2012/12/ 
wardrive-raspberry-pi-style.html) 
where he talked about using Kismet 
with the RPi to track WAPs on his walk 
and drive around his area. He used a 
USB GPS device to map out where the 
access points were. 


Wireless Survey 


INDEPTH 


A wireless survey is usually a map of a building or location showing the signal strengths 
associated with wireless access points. Surveys are usually the first step when a new 
wireless network is installed. Surveys give the installers how many WAPs are needed, 
where they should be spaced, and what channels would be best to use in those areas. 


Surveys normally are done with a WAP and a Wi-Fi-enabled device. The WAP is placed 
in a location, and signal strength is recorded as the client is moved around the area. 


A rogue WAP or a survey WAP can be built from a Raspberry Pi with a wireless card 
and Hostapd. Most on-line documentation for a Hostapd WAP says to bridge the 
network cards on the RPi. This can be skipped if the WAP will not be used with clients 


that connect to the Internet. 


Because the RPis are used as 
Stationary devices, | didn’t need GPS. 
One thing | did need though was 
a rough idea of where to place the 
sensors. Based on readings, WI-FI 
is good for about 328 feet (100 
meters) with the omnidirectional 
antenna being used on the TP-Link 
card indoors. Having the existing 
wireless survey (or doing one) will be 
useful (see Wireless Survey sidebar). 
It will let you know where the 
existing WAPs are. This information 
also could come from the network 
documentation, if it exists. It is 
important to keep the detectors from 
being overpowered by approved 
access points. The wireless survey or 
network documentation also should 
provide the BSSIDs for the approved 


devices to be filtered out. 

The RPis have no shortage of 
operating systems to run. My choice 
for this project was to run Kali Linux 


Kali Linux: 


Kali Linux is the new version 

of Backtrack Linux—one of the 
specialized Linux distributions for 
penetration testing and security. It 

is currently based off Debian Linux, 
with security-focused tools preinstalled. 
Kali runs everything via the root login. 


Kali has builds available as ISOs and 
VMware images in 64-bit, 32-bit and 
custom-built ARM images for single 
card boards, Chrome OS and Android 
OS devices. 
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Airodump-NG 


Airodump is a raw 802.11 packet capture device. It is part of the Aircrack-NG suite. 
Normally, Airodump-NG will capture a file of packets to be cracked by Aircrack-NG. 
However, in my case, | wanted the feature where Airodump-NG can list the clients and 
access points it sees around it, which is about 300 feet indoors (this distance is based 
on documentation by the 802.11 standard). 


on the RPi, with Airodump-NG and rest of what | needed. 

Kismet. Originally, it was going to Kismet has two modes that can be 
be just Kali and Kismet, but | ran run. The first is the Kismet Server, 
into some limitations. The reason | which the Kismet User Interface 
chose Kali for this project, was the (Kismet Ul) connects to (Figure 1). 
hardware drivers for the network card The Kismet Ul shows the WAP name, 
| used didn’t need to be recompiled. if is an access point or not, encrypted 
Kali also came with Airodump-NG or not, the channel and other 
preinstalled, and an apt-get information. The “seen by” column 
update && apt-get install is the list of capture sources that 
kismet took care of installing the saw the WAPs. 


What Is Kismet? 


Kismet is an 802.11 wireless network detector, sniffer and intrusion detection system. 
Kismet will work with any wireless card that supports raw monitoring mode, and it can 
sniff 802.11b, 802.11a, 802.11g and 802.11n traffic (devices and drivers permitting). 


Kismet also sports a plugin architecture allowing for additional non-802.11 protocols 
to be decoded. 


Kismet identifies networks by passively collecting packets and detecting networks, 


which allows it to detect (and given time, expose the names of) hidden networks and 
the presence of non-beaconing networks via data traffic. 


78 / DECEMBER 2014 / WWW.LINUXJOURNAL.COM 


v kismet server - 


File Edit View Terminal Tabs Help 
~ Kismet Sort View Windows 


Figure 1. Kismet Network List 


Kismet calls the remote sensors 
drones. They're configured through 
the kismet drone configuration file in 
/etc/kismet/kismet_drone.conf. | found 
the documentation for setting up this 
part rather sparse. Everything | found 
spanned multiple years and didn’t go 
into too much detail. 

When | configured my drones, | set 
one up first and then cloned the SD 
card with the dd command. | copied 
the cloned image to the other SD 
cards, again using dd. To speed up dd, 
set the block size to about half the 


Elapsed 


Networks 


Pkt/Sec 


Filtered 


computer's memory. 

Making the drones this way did 
cause a problem with the wireless 
network cards. Use ifconfig to see 
what cards the system lists. As you 
can see from the screenshot shown in 
Figure 2, my droneQ2 has the wireless 
card listed as wlan1, and It is already 
in monitor mode. After the drives 
were all cloned, | just had to go in and 
make minor configuration changes— 
besides the wireless card change. 

The Raspberry Pi uses about 750 
mAh, and a 5-volt 1-amp power 
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Figure 2. iconfig Screenshot 


supply doesn’t put enough power 
out to start the wireless card after 
the Raspberry Pi is booted. Many of 
the forums | read said that you need 
something that puts out 1.5-2.1 
amps. | found that plugging in the 
card first prevents the extra draw, 
and | didn’t have a problem. 

In the steps below, if you plug 
in the Wi-Fi card after booting, 
you risk a power drop to the 
Raspberry Pi. The loss of power 
will crash the RPi, and the SD card 
could be corrupted. 
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First, download the Kali Raspberry Pi 
distro from the Kali Linux Web site. 

Copy the image to the SD card 
with the dd command or a tool like 
Win32Disklmage in Windows. This 
creates a bit-for-bit copy of the image 
on the SD card. It is similar to burning 
an ISO to a DVD or CD. 

Put the SD card into the RPi. Then, 
attach the Wi-Fi card you're using to 
a USB port. 

Attach a Cat5, Cat5e or Cat6 cable 


to the Ethernet port. Wired is used 
to communicate data to the network 
to prevent problems with the wireless 
card in monitor mode. 

Plug in the micro USB cable to turn 
on the RPi. Next, ssh to the device. 
You may need to do a port scan with 
nmap to find the RPi. Alternatively, 
you can use a monitor and keyboard 
to access the console directly. Again, 
have all peripherals plugged in prior 
to plugging in the power. 

The login is “root”, and the password 
is “toor’. 


Configure the Kismet Drone 
Configure ethO with a static IP 
address like in the static IP address 
screenshot (Figure 3). This is done 
under /etc/network/interfaces. 
Restart the networking with 
service networking restart or 
reboot. If you connected via SSH, 


you'll have to reconnect. 

Next, edit /etc/kismet/kismet_drone.conf. 
| have included a screenshot (Figure 4), 
but below are settings | used, and the 
fields that need to be changed. 

Set the following either to 
something that makes sense to you 
or the right information for your 
network and device. | used what | 
have configured for the examples. 

Name the drone with servername. 
This will show up in the bottom of the 
Kismet UI and logs when connecting. 

Use dronelisten to set the 
protocol, interface’s IP address and 
port for the drone is to listen on for 
servers’ connection. 

List what servers can talk to this 
drone with allowedhosts. This 
can be a whole network using CIDR 
notation or just individual boxes 
on the network, and also allow 
the drone to talk to itself with 


Figure 3. Static IP Address Screenshot 
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Figure 4. drone.conf 
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droneallowedhosts. 

Set the maximum number of servers 
that can talk to the drone with 
dronemaxclients. 

Set the max backlog of packets for 


the kismet drone with droneringlen 


Smaller than what | have might be 
better. | had problems with drone04 
crashing. It also was the one that saw 
the most networks. 

Turn off GPS with gps=false. 
You don't need it since these are 
Stationary devices and you should 
know where they are. 

Set the capture source, ncsource. 
This tells the system what interface to 
use and driver to use for that card: 


servername=Kismet-Drone-pi2 
dronelisten=tcp://192.168.1.12:2502 
allowedhosts=192.168.1.65 
droneallowedhosts==127.0.0.1 
dronemaxclients=10 
droneringlen=65535 

gps=false 

ncsource=wlanl: type=ath5k 


The rest of the options | left set to 
default. Unless you're in a country 
that uses more B/G channels than 
the US, there is nothing that needs 
to be modified. 

The last thing to configure on the 
drones is the /etc/rc.local file. This will 
Start the kismet drone program in the 


background when the RPi powers on. 
Add these two lines before the exit 
© so yours looks like the code below: 


# start kistmet 
/usr/bin/kismet_drone --daemonize 


exit 0 


Configure the Kismet Server on a 
PC or Server for the Drone Sensors 
There are two settings to change in 
/etc/kismet/kismet.conf. The first 

is in the ncsource. The second is 

the filter_tracking. 

The line below and related screen 
capture (Figure 5) tell Kismet what 
its capture sources are. In this case, 
nothing local is being used, just the 
drones. Repeat this line for each 
drone, with the proper information: 


ncsource=drone:host=192.168.1.12,port=2502,name=i2 


The line says the source Is a drone, 
the drone’s IP address, what port 
to connect to on the drone, and 
what the drone should show as in 
the Kismet Ul. The name is seen 
“network list” view and “network 
detail” view. | went with the two- 
character name of “i#” because the 
“Last Seen By” field in the network 
list has a hard-coded limit of ten 
characters. | wanted that field to 
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Figure 5. Kismet Server Sources 


show as many drones as it could. 

Next, filter out the known network 
BSSIDs. Previously, | mentioned 
that a wireless survey or network 
documentation should be able to 
provide this information. As you can 
see in the network list screenshot, 
several devices are listed. If you 
have devices you don’t want to 
see, you'll need to filter them out 
in the Kismet Server configuration 
file /etc/kismet/kismet.conf. 

In the configuration file, it has an 
example of: 


filter_tracker=ANY(!"00:00:DE:AD:BE:EF") 

In my version of Kismet, that did 
not work. | had to remove the quotes 
so the line looked like this: 


filter_tracker=BSSID(!00:00:DE:AD:BE:EF) 
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The bang (!) ignores that MAC 
address. This shows everything but 
ignored WAPs. Without the bang (!), 
Kismet would show only the WAP with 
that BSSID in the network list. The 
choices are ANY, BSSID, SOURCE and 
DEST. Although the documentation 
says you can use ANY with a bang (!), 
trying it fails. The error said to use 
one of the other three options. The 
MAC address can be stacked using a 
comma-separated list: 


filter_tracker=BSSID(!00:00:DE:AD:BE:EF,!00:0:DE:AD:BE:EE, 


w!00:00:DE:AD:BE:ED) 


With the Drone Sensor Network 
running, the network detail screen 
for an access point will show which 
drones see the WAP (Figure 6). But, 
this is a limitation of the system. 
This screen provides only the signal 


Name: <Hidden SSID> 
BSSID: 02:1D:D6:25:50:00 
Manuf: Unknown 
First Seen: 
Last Seen: 2:31:14 
Type: t (Managed/Infrastructure) 
Channel: 
Frequency: / (10) - 1 packets 
2 (11) 


7 (12) 


SSID: (Cloaked) 
Length: 0 
Type: Beacon (advertising AP) 
Encryption: WPA PSK AES-CCM 
Beacon %: 10 


Signal: -86dBm (max -85dBm) 
Noise: OdBm (max -256dBm) 
Packets: 
Data Packets: 
Mgmt Packets: 
Crypt Packets: 
Fragments: 
Retries: 
Data Size: 
Seen By: 14 (drone) d9512alc-1b4c-11e4-8c95-b502800b1802 
Aug 3 13:31:14 
Seen By: i2 (drone) d94ffa7a-1b4c-1le4-8c95-b3027e0b1802 
Aug 3 13:29:45 
Seen By: 15 (drone) d95159b0-1b4c-11e4-8c95-b602810b1802 
Aug 3 13:31:05 


Figure 6. Network Detail Screen 
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Figure 7. Drone2 airodump 


File Edit View Terminal Tabs Help 


Figure 8. Drone3 airodump 


strength for the drone with the 
strongest signal. This was the limit of 
Mr Pesce’s WRT54GL option. 

In Mr Pesce’s model, once the 
rogue WAP was detected, someone 
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had to go out and search. The 
search area was around all the 
drones that saw the rouge WAP. 
Although his design makes the 
search area smaller than a whole 
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Figure 9. Drone4 airodump 


building, it doesn’t triangulate very 
well. By using the RPis as drones, 
there is a second program you can 
use for triangulation. 
Airodump-NG, as | mentioned 
before, is for capturing packets on 
over Wi-Fi. The user interface, when 
running Airodump-NG, provides 
several bits of information. The 
ones you want are BSSID, PWR 
(power measured in negative DB), 
Channel and ESSID (Figures 7-9: 
each image shows a different power 


level, which when used with the 
Roosevelt picture, shows how to use 
it for triangulation). 

ssh to each RPi drone, and run 
this command. Don’t forget to 
replace the bssid with the MAC 
address of the WAP you are looking 
for and the interface for what that 
drone is monitoring with: 


airodump-ng --bssid <MAC ADDRESS> <interface> 


Note: | did not use the channel 
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Figure 10. Map of Roosevelt Hall at Eastern Michigan University (Google Maps) 
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command in the above line to lock 

a channel. This would interfere with 
data going back to the Kismet Server 
and lose the device if the WAP is 
configured for channel hopping. 


Proof of Concept 

| did my proof of concept at 
Eastern Michigan University’s 
Roosevelt Hall, which is where 
my degree program’s labs are. In 
the map of Roosevelt Hall (Figure 
10), there are three drones. This 
was due to power and Ethernet 
cable limitations. There is also a 
rogue WAP (rogue_ap_pi), hidden 
by my professor. Kismet showed 
me all the networks in the area, 
because | didn’t have BSSIDs to 
filter them out. Again, this is 
where having network 
documentation or a wireless 
survey would be helpful. 

Drone3 and drone4 are ina 
hallway. Drone2 is in one of the lab 
rooms, with the Linksys network 
and my laptop running the Kismet 
Server and Kismet Ul. When drone4 
was just inside the lab’s door, there 
was a 10DB signal loss. Again, a 
wireless survey would have helped, 
because it would show how much 
signal the walls blocked. 

Once | had the system up and 
running and the drones where | 
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wanted them, my professor hid 
the rogue WAP somewhere on 
the same floor. By looking at the 
power levels, | was able to figure 
out where to go to find the rouge 
WAP. | knew that drone4 was the 
closest and that the rogue WAP was 
on the other side of that drone. 

| walked down that hallway and 
found the rogue WAP in less than 
two minutes. It was hidden under 
a bench in the hall, outside a 
classroom and the other lab. 
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Limitations of the Wi-Fi Card 

The last limitation | want to cover 
is the TP-Link TL-WN722N card. 

| went with this card because of 
the cost, the external antenna, 
the power draw when plugged in 
to the RPi and its availability at a 
local store. The card can talk only 
on the 2.4GHz range, meaning that 
it picks up only 802.11 B, G and 
N networks. It does not have the 
ability to detect or use the 5GHz 
range used by parts of N, A or the 
new AC networks. 

Although | have a couple ALFA 
wireless cards, and one that should 
be able to detect A and AC, | do 
not know if | could run them on 
the RPi drone without a separate 
powered USB hub. 

This setup also does not detect 
Zigbee/Xbee or Bluetooth. Xbee 
uses both 900MHz and 2.4GHz. 
Bluetooth uses 2.4GHz. Although 
both devices use 2.4GHz, 
frequencies (channels) are outside 
the Wi-Fi card’s range. Mike 
Kershaw (aka Dragorn, Kismet’s 


Resources 


Kismet: http://kismetwireless.net 


Kali Linux: http://www.kali.org 
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developer) is working on a hardware 
and software Xbee detector 

called kisbee. An Ubertooth 

One should work with Kismet 

to detect Bluetooth. 

Cell phones and related cellular 
network cards also would be 
missed. Phones operate outside 
the Wi-Fi card’s range, unless the 
phone is a Wi-Fi hotspot. The new 
HackRF One card might be able to 
detect the cellular networks, as 
well as A/B/G/N/AC Wi-Fi, Xbee 
and Bluetooth, but | haven't gotten 
one to play with, and they would 
drive up the cost to about $300 
USD per sensor.m 


Chris Jenks is a senior in Information Assurance at Eastern 
Michigan University. He has more than 15 years of experience 
in networking and system administration. He has presented 
on Linux Hardening at DebryCon, GrrCON, and Bsides Detroit; 
and on Open Source Intelligence at Circle City Con. 
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The Usability 
of GNOME 


Jim Hall writes about his latest usability study of 
open-source software, doing a “deep dive” into the 
usability of the GNOME desktop. 


JIM HALL 


| work ata university, and one of 
our faculty members often repeats 
to me, “Software needs to be like 
a rock; it needs to be that easy to 
use.” And, she’s right. Because if 
software is too hard to use, no one 
will want to use it. 

| recently spoke at GUADEC, 
the GNOME Users And Developers 
European Conference, and | opened 
my presentation with a reminder that 
GNOME is competing for mind share 
with other systems that are fairly easy 
for most people to use: Mac, iPad, 
Windows and Chromebook. So for 
GNOME to continue to be successful, 
it needs to be easy for everyone to 
use—experts and newcomers alike. 
And, that’s where usability comes in. 

So, what Is usability? Usability is 
about the users. Users often are busy 
people who are trying to get things 
done. They use programs to be 
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productive, so the users decide when 
a program is easy to use. Generally, 
a program has good usability if it 

is easy for new users to learn, easy 
for them to use, and easy for them 
to remember when they use the 
program again. 

In a more practical view, average 
users with typical knowledge should 
be able to use the software to 
perform real tasks. The purpose of 
usability testing, therefore, is to 
uncover issues that prevent general 
users from employing the software 
successfully. As such, usability testing 
differs from quality assurance testing 
or unit testing, the purpose of which 
is to uncover errors in the program. 
Usability testing is not a functional 
evaluation of the program's features, 
but rather a practical determination 
of the program's operability. 

Usability testing does not rely on 


Usability cannot be addressed only at the end of 
a software development lifecycle. If you wait until 
the end, it is usually too late to make changes. 


a single method. There are multiple 
approaches to implement usability 
practices, from interviews and 
focus groups to formal usability 
testing. Whatever method you use, 
the value of usability testing lies in 
performing the evaluation during 
development, not after the program 
enters functional testing when user 
interface changes become more 
difficult to implement. In open- 
source software development, the 
community of developers must 
apply usability testing iteratively 
throughout development. Developers 
do not require extensive usability 
experience to apply these usability 
practices in open-source software. 

| prefer the formal usability test, and 
it’s not hard. You can gain significant 
insight just by gathering a few testers 
and watching them use the software. 
With each iteration, usability testing 
identifies a number of issues to 
resolve and uncovers additional issues 
that, when addressed, will further 
improve the program's ease of use. 
Usability cannot be addressed only at 
the end of a software development 


lifecycle. If you wait until the end, it is 
usually too late to make changes. 


How to Run a Usability Test— 
Usability Testing in GNOME 

| recently worked with the GNOME 
Design Team to examine the usability 
of GNOME. This was an opportune 
moment to do usability testing in 
GNOME. The project was in the 
process of updating the GNOME 
design patterns: the gear menu, the 
application menu, selection mode and 
search, just to list a few. | assembled a 
usability test to understand how well 
users understand and navigate the 
new design patterns in GNOME. Here 
is how | did that. 

The first step in planning a usability 
test is to understand the users. Who 
are they, and what tasks do they 
typically want to perform? With 
GNOME, that answer was easy. 

The GNOME Web site explains that 
“GNOME 3 is an easy and elegant way 
to use your computer. It is designed 
to put you in control and bring 
freedom to everybody.” GNOME is for 
everyone, of all ages, for casual users 
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and software developers. 

From there, | worked with the 
GNOME Design Team to build a 
usability test for these users. The 
test also needed to exercise the 
GNOME design patterns. | compared 
the design patterns used by each 
GNOME program and decided five 
GNOME applications provided a 
reasonable representation of the 
design patterns: 


1. gedit (text editor) 

2. Web (Web browser) 

3. Nautilus (file manager) 

4. Software (similar to an app store) 

5. Notes (a simple note-taking program) 


Having decided on the programs, 
| wove a set of test scenarios that 
exercised the design patterns around 
tasks that real people would likely 
do. Designing the test scenarios Is 
an important part of any usability 
test. You need to be very careful 
in the wording. It is too easy to 
“give away” accidentally how to do 
something just by using a particular 
turn of phrase. For example, one of 
my scenarios for Web asked testers 
to “Please make the text bigger” on 
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a Web site—not to “Increase the font 
size”, which would have hinted at 
the menu action they would need to 
use to accomplish the task. 

Because | work on a university 
campus, | invited students, faculty and 
staff to participate in a usability study. 
Volunteers were selected without 
preference for gender, age group 
or level of experience. This reflects 
GNOME's preference to target a 
broad range of users. Each tester was 
given a $5 gift card to the campus 
coffee shop as a “thank you” for 
participating in the usability test. 

In total, 12 testers participated in 
the usability test, representing a mix 
of genders and an age range spanning 
18-74. Participants self-identified 
their level of computer expertise on a 
scale from 1 to 5, where 1 indicated 
“No knowledge” and 5 meant 
“Computer expert”. No testers 
self-identified as either 1 or 5. Instead 
they filled a range between “2: | 
know some things, but not a lot”, and 
“A: 1am better than most”, with an 
average rating of 3.25 and a mode of 
“3: lam pretty average.” 

Before each usability test session, 
every participant received a brief 
description of the usability study, 
explaining that this was a usability 
test of the software, not of them. 

This introduction also encouraged 


testers to communicate their thought 
orocess. If searching for a print 
action, for example, the participant 
should state “| am looking for a 
‘Print’ button.” Testers were provided 
a laptop running a “liveUSB” image 
of GNOME 3.12 containing a set 
of example files, including the text 
file used in the gedit scenario tasks. 
However, the USB image proved 
unstable for most programs in 
the usability test. To mitigate the 
Stability issues, | rebooted the laptop 
into Fedora 20 and GNOME 3.10 
to complete the scenario tasks for 
Web, Nautilus, Software and Notes. 
In testing GNOME, each participant 
used a separate guest account that 
had been pre-loaded with the same 
example files. These example files 
also included items unrelated to the 
usability test, similar to how real users 
keep a variety of documents, photos 
and other files on their computers, 
allowing participants to navigate these 
contents to locate files and folders 
required for the scenario tasks. 

At the end of each usability test, 
| briefly interviewed the testers to 
probe their responses to the tasks 
and programs, to better understand 
what they were thinking during 
certain tasks that seemed particularly 
easy or difficult. Overall, the 
usability test included 23 scenario 
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tasks, which most testers completed 
in 50-55 minutes. 


My Usability Test Results 

The value of a usability test is 
finding areas where the program is 
difficult to use, so developers can 
improve the interface in the next 
version. To do that, you need to 
identify the tasks that were difficult 
for most users to perform. 

You easily can see the usability 
test results by using a heat map. 
This kind of visualization neatly 
summarizes the results of the 
usability test. In the heat map, 
each scenario task is represented 
in a separate row, and each block 
in the row represents a tester’s 
experience with that task (Figure 
1). Green blocks indicate tasks that 
testers completed with little or no 
difficulty, and yellow blocks signify 
tasks that presented moderate 
difficulty. Red boxes denote 
tasks where testers experienced 
extreme difficulty or where testers 
completed tasks incorrectly. Black 
blocks indicate tasks the tester was 
unable to complete, while white 
boxes indicate tasks omitted from 
the test, usually for lack of time. 

The “hot spots” in the heat 
map show tasks that were difficult 
for testers. 
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edit GNOME 3.17 
Coen a file 
simple edits 
Find and replace text 
Save under a different name 
e the default font 


Web GNOME 3.10 
search for a website 
Increase the text size 
Cipen new tab, website 


Create a bookmark 


Nautilus GNOME 3.10 
Create a folder 
Copy a folder to a location | | 
Move a folder to a location Bel 
Rename a folder 
Create a bookmark 
Delete a file Oi | 
Search for a file 2 | 


Software GNOME 3.10 
Install a program 
Remove a program 


Notes GNOME 3.10 
Create two notes 
Edit a note 

Change the default font 
Delete all notes 


Figure 1. Usability Heat Map 
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Figure 2. Header Bar for gedit, Showing the Gear Menu 


1) Interestingly, all participants 
experienced significant issues with 
changing the default font in gedit 
(GNOME 3.12). A significant number 
of testers were unable to accomplish 
a similar task in Notes. In observing 
the tests, the testers typically looked 
fora “font” or “text” action under 
the gear menu. Many participants 
referred to the gear menu as the 
“options” or “settings” menu 
because of a previous affiliation 
with the gear icon and “settings” 
in other Mac OS X and Windows 
applications (Figure 2). 

These participants expected that 
changing the font was an option in 
the program, and therefore searched 
fora “font” action under the gear 
or “options” menu. Part of this 
confusion stemmed from thinking 
of the text editor as though it were 
a word processor, such as Microsoft 
Word, which uses items in menus 
or on a toolbar to set the document 
font. This behavior often was 
exhibited by first highlighting all 
the text in the document before 
searching for a “font” action. 


2) In the Nautilus file manager, 
testers also experienced serious 
difficulty in creating a bookmark to a 
folder. In GNOME, this task is usually 
achieved by clicking into the target 
folder then selecting “Bookmark this 
Location” from the gear menu, or by 


Devices 


Computer 


Project.2 
Network 


G? Browse Network 


a Connect to Server 


Figure 3. Dragging a Folder to Create a 
Bookmark in Nautilus 
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clicking and dragging the intended 
folder onto “Bookmarks” in the left 
pane (Figure 3). 

However, testers initially addressed 
this task by attempting to drag the 
folder onto the GNOME desktop. 
When interviewed about this 
response, almost all participants 
indicated that they prefer to keep 
frequently accessed folders on the 
desktop for easier access. Most 
testers eventually moved the target 
folder into the Desktop folder in 
their Home directory, and believed 
they successfully completed the task 
even though the target folder did not 
appear on the desktop. 

3) Testers also experienced 
difficulty when attempting “find 
and replace text” in gedit. In this 
task, testers employed the “Find” 
feature in gedit to search for text in 
the document. Experimenting with 
“Find”, testers said they expected 
to replace at the same time they 
searched for text. After several failed 
attempts, testers usually were able to 
invoke the “Find and Replace” action 
successfully under the gear menu. 

Although the overall GNOME 
desktop was not part of the usability 
test, many testers experienced 
difficulty with the GNOME “Activities” 
hot corner. In the GNOME desktop 
environment, the Activities menu 
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reveals a view of currently running 
programs and a selection of available 
programs. Users can trigger the 
Activities menu either by clicking 
the “Activities” word button in the 
upper-left corner of the screen or by 
moving the mouse into that corner 
(the “hot corner”). Although testers 
generally recovered quickly from the 
unexpected “hot corner” action, 
this feature caused significant issues 
during the usability test. 


General Issues 
The open-source software usability 
challenge is cultural. To date, 
usability has been antithetical to 
open-source software philosophy, 
where most projects start by solving 
a problem that is interesting to the 
developer, and new features are 
incorporated based on need. Crafting 
new functionality takes priority, 
and open-source developers rarely 
consider how end users will access 
those features. 

However, a key strength of open- 
source software development is 
the developer-user relationship. In 
open-source software projects, the 
user community plays a strong role in 
testing new releases. Unfortunately, 
testers cannot rely on the typical 
user-testing cycle to provide sufficient 
user interface feedback. Developers 


can learn a great deal simply by 
observing a few users interacting with 
the program and making note where 
testers have problems. This is the 
essence of a usability test. 

Usability tests need not be 
performed in a formal laboratory 
environment, and developers do 
not need to be experts in order to 
apply usability testing methodology 
to their projects. Developers need 
only observe users interacting with 
the program for usability issues to 
become clear. A handful of usability 
testers operating against a prototype 


provides sufficient feedback to make 
informed usability improvements. And 
with good usability, everyone wins.m 


Jim Hall is an advocate for free and open-source software, 
best known for his work on the FreeDOS Project. At work, 
Jim is the IT Director and IT Executive at the University 

of Minnesota Morris. In May, Jim received his Master's 

in Scientific and Technical Communication, studying the 
usability of open-source software. 
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How CanWe ~*™ 
Get Business 

to Care about 
Freedom, 
Openness and 
Interoperability? 


They use our stuff. Why not our values too? 


t this point in history, some degree connected on the Net. 
A arguments for using Yet, it remains a vast feudal system 

Linux, FOSS (free and of suppliers that nearly all work to 
open-source software) and the lock doctors, hospitals and labs into 
Internet make themselves. Yet dependency on closed, proprietary, 
the virtues behind those things— incompatible, non-interoperable 
freedom, openness, compatibility, and non-substitutable systems. I’ve 
interoperability, substitutability—stil witnessed these up close as a patient. 
tend to be ignored by commercial In one case, diagnostic scans by 
builders of new stuff. one machine and software system 

For example, US health care, like couldn't be read by computers with 

pretty much every business category, software designed to read the output 
is full of Linux and FOSS, and is to of a different company’s scans. In 
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another case, records kept by one 
specialty failed to inform another 
specialty in the same hospital. 

The first one gave me a case of 
pancreatitis, and the second one gave 
my mother a fatal stroke. 

We are seeing the same thing start 
to happen already with the Internet 
of Things (loT), about which Bruce 
Sterling (http://en.wikipedia.org/ 
wiki/Bruce_Sterling) has written 
a brilliant essay titled The Epic 
Struggle of The Internet of Things 
(http://www.amazon.com/The-Epic- 
Struggle-Internet-Things-ebook/ 
dp/BOON8AIFYC). “The first thing 
to understand about the ‘Internet 
of Things’”, he says, “is that it’s 
not about Things on the Internet. 

It’s a code term that powerful 
stakeholders have settled on for their 
own purposes. They like the slogan 
‘Internet of Things’ because it sounds 
peaceable and progressive. It disguises 
the epic struggle over power, money 
and influence that is about to ensue. 
There is genuine Internet technology 
involved in the ‘Internet of Things’. 
However, the legacy Internet of 
yesterday is a shrinking part of what 
is at stake now.” 

It’s actually worse than that: 


An Internet of Things is not 
a consumer society. It’s a 


materialized network society. It’s 
like a Google or Facebook writ 
large on the landscape. 


Google and Facebook don’t have 
“users” or “customers”. Instead, 
they have participants under 
machine surveillance, whose 
activities are algorithmically 
combined within Big Data silos. 
They don't need the reader 

to be the hero. He’s not some 
rational, autonomous, economic 
actor who decides to encourage 
the Internet of Things with his 
purchasing dollars. They're much 
better off when those decisions 
are not his to make. 


The reader may be allowed 

to choose the casing of his 
smartphone and the brand of his 
vacuum cleaner, but the digital 
relation between the two of them 
is not his decision. He still has a 
role of sorts, but it’s much like 
the role he has within Google 
and Facebook. He gets fantastic 
services free of charge, and he 
responds mostly with dropdown 
menus and check boxes, while 
generating data whose uses and 
values are invisible to him. 


The reader didn’t build the 
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If we’re geeks like most Linux Journal readers, 
we’re already doing our part, laboring away 

on free and open-source stuff, and using as much 
free and open stuff as we can. 


phone or the vacuum cleaner. He 
can’t repair or modify them. He 
doesn't understand their technical 
workings, and when the two of 
them interact (by various adroit 


willingly involved in their systems. 
The Internet of Things is basically 
a recognition by other power- 
players that the methods of the 
Big Five have won, and that they 


forms of wireless communication), should be emulated. 
he’s not in charge of that, or of 
where the data goes.... The Big Five are smart, profitable, 
capable and colossal. They are as 
The reader is not a “customer” of entirely free of political constraint 
as the railroads or Standard Oil 


were in their own heyday.... 


Facebook because he never paid 
for Facebook. Facebook's genuine 
customers are the marketers— 
those who pay Facebook for 

the hard labour of surveilling 

the billion people on Facebook. 
Facebook is one of the “Big Five” 
of Facebook, Amazon, Google, 
Microsoft and Apple.... 


Phil Windley calls this The Compuserve 
of Things (http://www.windley.com/ 
archives/2014/04/the_compuserve_of_ 
things.shtml), and says: 


On the Net today we face a 
choice between freedom and 
captivity, independence and 
dependence. How we build 


The Big Five are the genuine 
heroes of the Internet of Things. 
The epic drama of the Internet 
of Things is really their story. It’s 
not a popular uprising—except 
in the sense that the Big Five are 
really, really, really “popular” — 
because billions of people are 


the Internet of Things has 
far-reaching consequences for 
the humans who will use—or 
be used by—it. Will we push 
forward, connecting things 
using forests of silos that are 
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reminiscent the online services of 
the 1980s, or will we learn the 
lessons of the Internet and build 
a true Internet of Things? 


Well, it depends on who “we” are. 
If we’re geeks like most Linux Journal 


readers, we're already doing our part, 


laboring away on free and open-source 
stuff, and using as much free and 
open stuff as we can. But we're not 


en Saicats 


= INFRASTRUCTURE 


’ EOF 


the ones running the companies 
building closed and silo’d systems, 
including proprietary networks of 
things. And those folks aren’t getting 
the lessons we've been teaching for 
decades. Why is that? 

One dividing line is between 
standards and platforms built 
on them. This is also the line 
between infrastructure and 
commerce in the “layers of time” 


rt a 


ace TD 


Figure 1. Layers of Time (from The Long Now Foundation) 
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Geeks working down in the lower geology layers 
tend to be as oblivious to what happens at the 
Commerce and Fashion layers as the core of the 


Earth is to civilization. 


graphic from The Long Now 
Foundation (http://longnow.org)— 
see Figure 1. 

FOSS building materials are all 
at the Infrastructure layer. So are 
the standards that create the Net 
and the Web: TCP/IP, HTTP and the 
rest. These and countless thousands 
(millions?) of standards and code 
bases support boundless freedom 
and generativity for everything 
that’s built on them and with 
them, up at the Commerce and 
Fashion-Art levels. 

But all the Big Five, while founded 
on those standards, and packed 
with FOSS code, need to compete 
at the commerce level. This tends 
to subordinate freedom, interop, 
generativity and the rest—except 
within their own feudal empires. 
There they can do a pretty good job. 

For example, most of the big 
platforms come with SDKs (software 
development kits), APIs (application 
programming interfaces) and other 
means for encouraging, producing 
and supporting lots of code—and 
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dependencies. This is why there are 
more than a billion apps each on iOS 
and Android. 

But platforms can also change fast 
(http://scripting.com/2014/07/07/ 
comparingApis.html) and put 
dependent developers and users at 
their mercy, aS many discovered when 
Twitter pulled the rug out from under 
them in 2012 by changing its API 
(http://www.techradar.com/us/news/ 
world-of-tech/twitter-to-developers- 
screw-you-guys-1092570). This was a 
huge interop fail for many code bases, 
some of which died. 

Infrastructural standards and code 
bases (such as Linux and Apache) 
come up from lowest level—Nature— 
and bubble up through their cultures 
and governance norms. None of those 
norms arise from government policies, 
in spite of what the Governance layer 
suggests in that graphic. As David 
Clark (http://en.wikipedia.org/ 
wiki/David_D._Clark) famously put 
it to (and for) the IETF in 1992, “We 
reject: kings, presidents and voting. 
We believe in: rough consensus and 


running code” (Lessig, Code 2.0, 
p. 4: http:/Awww.codev2.cc/ 
download+remix/Lessig-Codev2.pdf). 

Geeks working down in the 
lower geology layers tend to be 
as oblivious to what happens at 
the Commerce and Fashion layers 
as the core of the Earth is to 
civilization. Some of us have heard 
Linus say “| do kernel space” 
(http://www.linfo.org/kernel_ 
space.html). “| don’t do user space” 
(http://www.linfo.org/user_space.html). 
That’s because Linux developers make 
a sharp distinction between those two 
spaces, by name. The deep nature of 
Linux is in its kernel, whose job (as 
working infrastructure) is to support 
everything above it without prejudice 
(http://www. linuxjournal.com/ 
article/8664). In other words, it tries 
to be as neutral as possible. 

But up at the Commerce and 
Fashion-Art levels, where most 
people acquire goods and live with 
them, few are concerned that a 
billlon+ iOS apps run only on 
Apple hardware, or that a billion+ 
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Android apps run on hardware 
from makers required to privilege 
Google's apps first. Or that the 
walls of those feudal empires 
block views toward negative 
externalities, one of which is 
restricted (or absent) inter-empire 
interoperability. As a result we 
have a marketplace where the 
benefits of freedom and openness— 
taught by the Net, the Web, open 
standards, open code and open 
hardware—aren’t seen, because 
their first causes are out of sight: 
buried down at the infrastructure 
layer and below. 

But some geeks aren’t forgetting. Cory 
Doctorow (http://craphound.com), for 
example, warns of a coming “civil war” 
(http://boingboing.net/2012/08/23/ 
civilwar.html) between general- 
purpose and special-purpose 
computing. The white-box PC, 
for example, is general-purpose. 
Meanwhile, we still have no 
equivalent with smartphones 
and tablets. Instead we have closed 
and locked things that foreclose on 


The Net and the Web were both built on software 
and hardware that leveraged standard, open 
and general-purpose equipment, protocols and 


code bases. 
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many freedoms. 

The Net and the Web were both 
built on software and hardware 
that leveraged standard, open 
and general-purpose equipment, 
protocols and code bases. 
Smartphones and tablets take 
advantage of those things, but limit 
what people can do with them. 
Apps are available only in stores, 
which are closed and private. Apps 
themselves also tend to be silo’d. 
They may operate on your phone, 
but don’t easily interoperate with 
each other. Try gathering data 
from all your fitness and health 
apps into a place of your own. 
Even if you can, such as with 
DigiFit (http://www.digifit.com), 
it’s in yet another company’s silo. 

Research on the questions raised 
by these issues is remarkably thin. 
Toward relieving that, Urs Gasser 
(http://cyber.law.harvard.edu/ 
people/ugasser) and John Palfrey 
(http://cyber.law.harvard.edu/ 
people/jpalfrey), colleagues of 
mine at the Berkman Center 
(http://cyber.law.harvard.edu), 
published /nterop: The Promise and 
Perils of Highly Interconnected Systems, 
in 2012 (http:/www.amazon.com/ 
Interop-Promise-Perils-Interconnected- 
Systems/dp/0465021972). In it they 
argue for “a nuanced and stable 
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theory of interoperability” that can 
resolve issues at the four layers 
at which they see interoperability 
playing: technological, data, human 
and institutional. 

I've been watching problems 
at all four layers for the past 
eight years through ProjectVRM 
(http://cyber.law.harvard.edu/ 
projectvrm/Main_Page), which seeks 
to provide individuals with tools for 
both independence and engagement in 
the commercial world. All the projects 
and companies on our developers 
list (http://cyber.law.harvard.edu/ 
projectvrm/VRM_Development_Work) 
do their best to reconcile the need 
for interop and substitutability with 
commercial imperatives: attracting 
investment and partners, competing 
and so on. 

Some efforts are formal and 
involve a number of players 
that compete in a cooperative 
framework. The Respect Network 
(https://www.respectnetwork.com), 
for example, includes dozens of 
partner organizations committed 
to the Respect Trust Framework 
(http://openidentityexchange.org/ 
trust-frameworks/respect-trust- 
framework), which assures both 
interoperability and substitutability 
between service providers. 

But it’s an uphill battle, and has 


been for a long time. 


As | see it (and I’ve been looking Advertiser 
at this for Linux Journal since the Inclex 


mid-1990s), the biggest conflict 
for Interop is freedom vs. captivity. Thank you as always for supporting our 
Developers that value freedom advertisers by buying their products! 
tend to maximize interop, while 
developers that value captivity tend 
to minimize interop. And most of 
what we get are compromises. 

| believe the main problem is 
simply ignorance of consequences, EmperorLinux p/Awww.emperorlinux.com 
which is an old problem with 
business. But | also believe in 
research. Urs recently wrote to one 
of the Berkman lists, asking for 
“the most challenging, fascinating, ipiseieoa ee ee 
puzzling...interop stories, questions, 
problems, opportunities...that you’ve 
been thinking about recently” — 
toward fresh research on interop. 

Let’s give him some of those. 
Comment below (when this goes The Linux Journal brand's following has 
up on the Web) or write me grown to a monthly readership nearly 
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